SEPA Cyberattack Full Recovery Could Take Years
The Agency Was Locked Out of Its Network on Christmas Eve After Falling Victim to Conti Ransomware Gang, and Has Been in Recovery Mode Ever Since.
On Christmas Eve, the Scottish Environment Protection Agency (SEPA) had more than 4,000 digital files stolen by threat actors. According to Terry A’Hearn, the organization’s CEO, the recovery of IT systems could take two years.
SEPA’s responding to a significant cyber attack affecting our contact centre and internal systems. Core regulatory, monitoring, flood forecasting & warning service continue but communication into organisation is significantly impacted. More information at https://t.co/KBFs7KbyKM pic.twitter.com/j9iHnnE2Mg
— Scottish Environment Protection Agency (SEPA) (@ScottishEPA) December 24, 2020
As reported by BBC Scotland, the agency said it had backup systems in place but so far it had not recovered all of its environmental data sets.
What’s more, SEPA rejected a ransom demand for the attack, which was claimed by the Conti ransomware group. As a result, the stolen files were then released on the Internet.
The organization managed to restore the majority of its key services, such as flood forecasting, and is currently building new IT systems to run them from.
In a statement to the BBC, A’Hearn said:
I think this is a process that will take a year or two. We had reform aims anyway, we were going to build a new IT system progressively over five or six years. This is an opportunity we didn’t want provided by criminals, but we’ve decided to fast-track that and will build that in one or two years.
Additionally, A’Hearn said there was no intention of paying the ransom, adding that if they had done so, they would have increased the risk for everyone else.
SEPA Spent Nearly £800,000 on Cyberattack Response
Back in April, BBC Scotland asked SEPA if it had offline backups of every data set that it was responsible for. The agency replied that the question would be dealt with under freedom of information laws.
A response to this freedom of information (FOI) request is still outstanding; however, A’Hearn said SEPA was making good progress in recovering its environmental datasets from offline storage.
Like all organizations we had a variety of ways of backing up, we have recovered the vast majority of our environmental data sets – we’re now working on them again on a priority basis.
Figures released to BBC Scotland under freedom of information laws show that, so far, a total of £790,000 has been spent on the watchdog’s response and recovery actions, including £458,000 on stabilizing SEPA’s business IT platform.
Police Scotland is still investigating the attack and has previously indicated the likely involvement of international organized cybercrime.
Not the First Conti Ransomware Attack
On March 27th, the Conti ransomware gang encrypted the systems at Broward County Public Schools and threatened to leak a vast trove of personal data, including students’, teachers’, and employees’ social security numbers, addresses, birth dates, and school district financial contact information.
On May 14th, Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, had to shut down all of its IT systems after falling victim to the same ransomware operators.
That same month, Conti deployed a ransomware attack on the City of Tulsa’s network. The attack had a massive impact as the city was forced to shut down its network in order to prevent the spread of malware.