SCOTLAND's environmental regulator says it will not be held to ransom after its systems were crippled for three weeks by "international serious and organised cyber-crime groups".
The Scottish Environment Protection Agency (SEPA) has confirmed that a highly organised, international cybercrime group is demanding an undisclosed ransom to unlock its digital systems, which have been subjected to a cyber attack since Christmas Eve.
The Scottish Government agency has confirmed that more than 1GB of data has been stolen, including personal information about staff and some related to businesses that they regulate and work with. Early indications suggest at least 4,000 files may have been taken.
Sepa's chief executive Terry A'Hearn, who described the attack as "hideous", said: "We won't be using public funds to pay ransoms to criminals."
The agency says that its critical work, including putting out flood alerts, will continue.
Police Scotland and the National Cyber Security Centre are investigating.
"I don't think there are significant concerns about our ability to protect the environment. We are determined these criminals will not stop us doing that," Mr A'Hearn said.
"I can assure the public that we will be able to do our job to protect the environment."
The agency said that international groups were likely to be behind the ransomware attack that has locked its emails and contacts centre.
Sepa is responsible for regulating over 5,000 industrial sites across the country to prevent them from polluting land, water and air. It maintains huge databases to monitor the state of Scotland’s environment, and keeps records of pollution breaches by companies.
The attack has hit the agency's internal communications, and systems including email would remain badly affected for some time. It was likely that new systems would have to be built from scratch.
Sepa's chief executive Terry A'Hearn said: "It is a hideous crime that is becoming more and more common.
"We have engaged with Police Scotland and other cyber experts to understand what has happened and start a recovery process. What we haven't lost is our 1200 expert staff. So at the first day we were able to put out flood alerts, one of our most important responsibilities.
"We have found ways in the first few weeks to ensure we can do our critical service provision to the people of Scotland."
Although infected systems have been isolated, the agency warned that recovery “may take a significant period” and that a number of systems will remain “badly affected for some time”.
Information stolen included project information relating to their commercial work with international partners. Some information related to SEPA corporate plans, priorities and change programmes.
It is believed that new computer systems will be required as a result of the ransomware attack.
Information submitted to SEPA by email since Christmas Eve was not currently accessible.
Detective Inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said: “This remains an ongoing investigation. Police Scotland are working closely with SEPA and our partners at the Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.
“Enquiries remain at an early stage and continue to progress including the deployment of specialist cybercrime resources to support this response.”
Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted.
Experts say that having up-to-date anti-virus software and educating users to not open suspicious attachments will help protect against such attacks.
But firms across Scotland are being warned to guard against the emergence of new and effective methods of cyberattack during the last 12 months.
Previously the malware usually got into your system when someone clicked on a link, letting in the ransomware that automatically found data and files to encrypt.
Now, criminals can automatically scan firewalls, looking for ports and vulnerabilities to gain access.
Some experts say that with so many people currently working remotely on poorly configured connections and devices, criminals are hitting the jackpot.