Scotland's government regulator has come under attack ransomware on Christmas Eve, resulting in 1,2 GB of data being stolen. Almost a month after attack, SEPA services are still in trouble, but the agency has made it clear that it will not succumb to blackmail by hackers for ransom.
SEPA has not confirmed the type of ransomware it was infected with, but the gang Accounts ransomware claimed responsibility for the attack.
As a result of its refusal to pay, Conti published all the stolen data on its website, which includes more than 4.000 documents and databases related to contracts, commercial services and strategy. The last information by SEPA confirms that at least 4.000 files have been stolen and published.
"We were clear that we would not use public finances to pay the organized Criminals, which were intended to disrupt public services and blackmail public funds"He said Terry A'Hearn, CEO of SEPA.
"We have made our legal obligations and the duty of care for sensitive data handling a high priority and following the advice of the Scottish Police, we confirm that the stolen data has been illegally published in Internet. We work with many companies to retrieve and analyze data, as identifications are confirmed and we communicate and support organizations and individuals affected", He added.
SEPA is working with damage recovery agencies, including the Scottish Government, Scottish Police and the National Cyber Security Center (NCSC).
Despite the impact of the attack, SEPA is still able to provide flood forecasting and warning services, as well as regulation and monitoring services.
Ransomware is one of the most annoying and destructive attacks on cyberspace that an organization can deal with and criminals show no signs of slowing down campaigns since, for now at least, ransomware gangs still secure large sums of money from a significant percentage of victims.