On Thursday, the Scottish Environmental Protection Agency (SEPA) said it had been subjected to a “complex and sophisticated” ransomware attack, where sensitive IT systems are breached by criminals who demand money to prevent the public release of the stolen information.
The hack saw the theft of around 1.2GB of the SEPA’s data.
While small, the figure suggests around 4,000 files on the agency’s servers may have been accessed and stolen by the criminals.
SEPA said the data was primarily related to business dealings, including its work with international partners and corporate plans.
Personal information relating to a number of the agency’s staff is also thought to have been accessed.
The agency said it “immediately” enacted business continuity arrangements once it identified the cyber attack, and the agency’s Emergency Management Team is working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond to what it described as “complex and sophisticated criminality.”
A Police Scotland investigation is now underway.
On Thursday, SEPA admitted that a number of computer systems will remain badly affected “for some time,” adding that email systems are still offline.
But it insisted that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.
Terry A’Hearn, Sepa chief executive, said: “Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with Sepa, the Scottish Government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident.
“Partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
Mr A’Hearn added: “We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously, which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cybersecurity professionals day and night since Christmas Eve.
“Work continues by cybersecurity specialists to seek to identify what the stolen data was.
“Whilst we don’t know and may never know the full detail of the 1.2GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas.
“Some of the information stolen will have been publicly available, whilst some will not have been.
“Whilst the actions of serious and organised criminals means that for the moment we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1,200 staff who day in, day out work tirelessly to protect Scotland’s environment.
“Sadly, we’re not the first and won’t be the last national organisation targeted by likely international criminals.
“Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”