SEPA refuses to pay ransom, has its files published

Following a ransomware attack on Christmas Eve last year, the Scottish Environment Protection Agency (SEPA) made the decision not to pay the ransom.

The result of this was that the stolen files were published.

On top of that, the agency’s operations remain disrupted.

Cybercriminals were able to get away with 1.2 GB worth of data belonging to Scotland’s government regulator for environmental protection.

Almost a month has passed from the time of the attack, and the organisation’s operations still remain disrupted.

SEPA has stood its ground though, and has made it clear that it will not engage with the cybercriminals.

The ransomware gang Conti claimed responsibility for the attack.

Due to SEPA’s decision, the leaked files have now been published on Conti’s website.

The leak consists of over 4,000 documents and databases related to:

  • Contracts
  • Strategy
  • Commercial services

However, SEPA confirmed that the numbers could potentially be even higher than that.

Terry A’Hearn, the chief executive officer of SEPA, said that using public finance to fund a criminal organisation is not an option, extortion or not.

The sensitive handling of data remains SEPA’s priority and it is following advice from Police Scotland.

SEPA has joined forces with multi-agency partners to analyse and recover the data.

Once identifications have been confirmed, SEPA officials will contact the affected organisations and individuals.

Investigations are underway, and Police Scotland, the Scottish government, and the National Cyber Security Centre are working on the case.

SEPA is still able to provide certain kinds of services, such as flood forecasting and warning services and regulation and monitoring.

Stealing data and threatening to release it into the wild if the ransom is not paid appears to be the current go-to tactic for successful ransomware gangs.

The victims often pay the ransom despite restoring the files themselves in order to prevent a potential leak.