Scottish Agency Network Remains Inaccessible Weeks After Ransomware Attack

Conti, a notable ransomware gang, published thousands of government files belonging to the Scottish Environment Protection Agency (SEPA) after the agency refused to meet its demands. According to an update from the agency, the ransomware gang appears to have run out of patience with its victim and is now moving forward with its blackmail. 

SEPA’s Bluff Backfires

The government body, which handles the country’s environmental preservation efforts, was attacked on Christmas Eve. An update from the agency explained that about 1.28 GB worth of data had been compromised. The personal details of the agency’s staff were also stolen.

The attack degraded several of SEPA’s functions. In its update, the agency explained that it could still provide monitoring and regulatory services, as well as warning and flood forecasting. However, the vast majority of its services had been affected because it had to isolate several of its systems.

SEPA also confirmed that it would take a significant period of time before remediation efforts kick in and its systems are fully back online. A month after the attack, the regulatory body’s platform remains largely inaccessible as it continues to work to fix the damage done.

SEPA didn’t provide any information on the type of ransomware used in the attack. However, the Conti gang released a statement claiming that they had been the masterminds. 

In its latest update, SEPA confirmed that the hackers had published at least 4,000 files. Still, it remains resolute in its stand not to negotiate with them. Terry A’Hearn, the agency’s chief executive, explained that SEPA won’t pay criminals with public funds – no matter how dire the situation gets. 

“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and following Police Scotland advice, are confirming that data stolen has been illegally published online. We are working quickly with multi-agency partners to recover and analyze data then, as identifications are confirmed, contact and support affected organizations and individuals,” A’Hearn said.

Ransomware Exposes Weak Security Protocol

Ransomware attacks are one of the favorite methods cybercriminals use to amass millions of dollars. The perpetrators steal data from a large data center and threaten to make it public if a certain sum is not paid. The data is encrypted as well, and the decryption key is released only when the requested money is paid.

These attacks were especially prominent in 2020, with hackers taking advantage of corporations’ and governments’ need to be online. Last September, Bleeping Computer reported that the Netwalker ransomware gang breached the networks of Argentina’s immigration agency and demanded $2 million in ransom. 

The attack essentially shut down all Argentinian borders for about four hours, forcing immigration officials to move their operations offline. It is unclear whether the ransom – which increased to $4 million after a week – was eventually paid.