How Long Will SEPA be Disrupted by Ransomware Attack?

More details have emerged in the last couple of weeks of the significant impact of the ransomware attack on the Scottish Environment Protection Agency (SEPA) that began on Xmas Eve.  Nearly 4 weeks on, it has emerged that the email system is still down and that emails submitted since the attack began cannot be accessed.  It is not even clear if the various IT systems that have been affected can be restored, or will ultimately have to be replaced.

It has also emerged that 1.2Gb of data has been stolen.  Whilst this is a small amount by the standards of modern data breaches, SEPA have advised it includes information relating to businesses, procurement, projects, and staff.  The motive for the attack remains unclear.  SEPA states that the attack is likely to be the work of “international serious and organised cyber-crime groups” and there has already been at least one ransomware group has claimed to have stolen data from SEPA.

SEPA is to be commended for the way in which it has recovered priority services, such as flood forecasting and on-line reporting of pollution incidents, in this difficult situation.  However, following the targeting of Hackney Borough Council in October 2020, it is a concern that another important public-sector organisation has been impacted in this way.