
Scottish Environmental Protection Agency Confirms Ongoing Ransomware Attack

SEPA's email system is still down almost a month after the initial breach. The Scottish Environmental Protection Agency (SEPA) is still responding to an ongoing ransomware attack it identified on Christmas Eve, which has knocked many of its critical IT systems offline.

According to SEPA, an initial investigation suggests that a highly organised, international cyber-crime group is behind the attack, intending to disrupt SEPA's public services and extort public funds. The Agency's email system is still down almost a month after the initial attack, and some internal systems and external data products will remain offline in the short term.

Despite that, SEPA has adapted priority services like flood forecasting and monitoring to the situation, and they continue to operate. Many of the infected machines have been isolated, though SEPA believes entirely new systems will be required for the services to return to normal.

The cyber criminals only stole about 1.2GB of data in the ransomware attack - a tiny amount, in modern data terms. It included employee information, business and procurement data, and details of some projects.

SEPA is working with the National Cyber Security Centre (NCSC), Scottish government and Police Scotland to mitigate the attack and identify the hackers. It also says it is taking professional advice from cyber security experts for the recovery of its affected systems.

While SEPA did not discuss what form of ransomware it has been hit with, the operators behind Conti ransomware have reportedly published data they claim belongs to SEPA. Stealing confidential data from victims has become increasingly common for ransomware gangs.

In June last year, the actors behind the REvil ransomware launched an auction site, 'The Happy Blog', to sell data stolen from companies they had compromised.

The group posted samples of data belonging to Canadian firm Agromart Group, and claimed that scanned copies of Agromart's financial accounts, agreement forms and credit application, personal net worth documents and users' age records were among the data available for auction.

In March 2020, three ransomware groups - Nefilim, CLOP and Sekhmet - also established websites to publish the sensitive data of non-payers. Earlier this month, the operators of the Pysa (or Mespinoza) ransomware published what they claimed to be documents stolen from the Hackney Borough Council on a dark web forum.

The hackers said they were behind the October cyber attack on the Council, which disrupted its online services and left many of the systems inoperable four months ago.

