SEPA ‘will not engage with criminals’ as it continues to deal with cyber attack
SEPA has said it “will not engage with criminals intent on disrupting public services and extorting public funds”, as it continues to deal with a ransomware attack that has been ongoing since Christmas Eve.
Some of the information stolen from SEPA has now been published online, but Police Scotland is warning individuals and organisations not to search for it, as accessing the host site may place their computer infrastructure at risk.
SEPA previously confirmed the theft of around 1.2 GB of data, which the agency points out is the equivalent to a fraction of the contents of an average laptop hard drive, but it still means that at least 4,000 files may have been stolen by criminals.
This includes business and staff information, some of it already publicly available and some of it internal.
But although work is under way to analyse the data set, the agency says it does not yet know, and may never know, the full details of the 1.2GB of information stolen.
It confirmed that staff had been contacted based on the information available, and were being supported, and that a dedicated data loss support website, Police Scotland guidance, enquiry form and support line was available for regulated business and supply chain partners.
SEPA chief executive, Terry A’Hearn said: “Supported by Scottish Government, Police Scotland and the National Cyber Security Centre, we continue to respond to what remains a significant and sophisticated cyber attack and a serious crime against SEPA
“We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”
Detective Inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said: “This remains an ongoing investigation.
“Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.
“Enquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response.
“It would be inappropriate to provide more specific detail of investigations at this time."
Jude McCorry, chief executive of the Scottish Business Resilience Centre, said: “There are many ways including ransomware a business can experience a cyber security incident, with varying levels of complexity and disruption.
“Cyber incidents can occur through deliberate targeting like we have seen with SEPA, or even human error, the end result is the same, a disruptive effect on business operations.
“At SBRC we are working in partnership with Police Scotland and Scottish government running the UK’s first collaborative cyber incident response helpline for organisations in Scotland.
“If you feel that you are a victim of a cyber attack, your first call should be to Police Scotland on 101 to report the crime (whilst respecting your IT systems as a crime scene) and our incident response helpline on 01786 437472.
“We will assist you with immediate support and expert guidance, and ensure you are speaking to the correct agencies and organisations to help you feel supported and get you back in operation securely.”
SEPA’s priority regulatory, monitoring, flood forecasting and warning services are continuing to operate and it will give a broader update on service delivery and recovery next week.