UPDATED 22:15 EDT / JANUARY 17 2021

SECURITY

Scottish Environmental Protection Agency hit by ransomware attack

The Scottish Environmental Protection Agency has revealed that it was struck by a ransomware attack on Christmas Eve that shut down its internal networks.

The form of the ransomware attack was not disclosed, but the attack was detected at 12:01 a.m. Dec. 24. According to the agency, it affected its contact center, internal systems, processes and internal communications.

SEPA described the attack as “likely to be by international serious and organized cyber-crime groups intent on disrupting public services and extorting public funds.” The agency’s email system is still down, with some internal systems and external data products remaining offline.

The BBC reported late last week that “this has been an incredibly sophisticated attack on Scotland’s environmental regulator which has locked their IT systems and crippled them now for three weeks.” It’s a convoluted way of saying they were struck by ransomware and didn’t have adequate backups to restore their systems. The BBC also said the attack has “all the hallmarks of Russian organized cybercriminals.”

SEPA itself ticked off the list of how to respond to a ransomware attack, such as hiring cybersecurity experts to analyze the attack and contacting police. Where it slightly differs is that the agency set five priorities in response to the ransomware attack, including “protecting Scotland’s environment.”

SEPA also disclosed that it believes 1.2GB of data was stolen in the attack, which it tries to dismiss as “the equivalent to a small fraction of the contents of an average laptop hard drive.” The data stolen includes business information, procurement information, project information and employee data.

Data theft became typical in ransomware attacks in the second half of 2020. So-called “double-tap” ransomware has come to the fore, with ransomware gangs no longer content with simply trying to extort companies and organizations by encrypting their files. They’re also stealing data and threatening to publish the stolen data if the ransom isn’t paid.

One example of a double-tap ransomware attack was one that targeted Kmart Corp. in December. In that case, the Egregor ransomware gang gave Kmart 72 hours to contact it before releasing stolen data on its website “Egregor News.”

Image: SEPA
