Reading between the lines, this looks like a hybrid attack with multiple objectives. Ransomware is bad enough to deal with, but finding the other compromise(s) is made almost impossible when you're fighting to restore systems…:
The Scottish Environment Protection Agency (Sepa) confirmed it was continuing to respond to an ongoing ransomware attack, probably by international serious and organised cyber-crime groups.
The agency was subjected to a “complex and sophisticated” cyber attack on Christmas Eve.
The agency also confirmed the theft of 1.2GB of data, which suggests around 4,000 files may have been accessed and stolen by criminals.
Sepa reassured the public that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.
Terry A’Hearn, Sepa chief executive, said: “Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with Sepa, the Scottish Government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident.
Sadly, we’re not the first and won’t be the last national organisation targeted by likely international criminals
“Partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
The agency added that recovery may take a significant amount of time, with some systems remaining badly affected for some time.