Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency

This is a follow up to an attack which happened at the end of last year. The effects will be with the Environment Agency for some time…:

[…] But while the infected systems have been isolated, SEPA’s latest update on the ransomware attack says that recovery will take a “significant period” and that a number of systems will “remain badly affected for some time” with entirely new systems required. SEPA has blamed the ransomware attack on “serious and organised” cyber criminals.

“Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident,” said Terry A’Hearn, Chief Executive of SEPA.

“Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”

While the organisation itself hasn’t confirmed what form of ransomware it has fallen victim to, the cyber-criminal group behind Conti ransomware has published what it claims to be data stolen from the Scottish government agency.

Stealing data has become increasingly common for ransomware gangs. They use the stolen data to double-down on attempts at extortion by threatening to leak the information if the victim doesn’t give into the ransom demand of hundreds of thousands, or even millions, of dollars in bitcoin in exchange for the decryption key. […]

Original article