Ransomware Attack on Scottish Environmental Protection Agency SEPA


A ransomware attack that hit SEPA, the Scottish Environmental Protection Agency, on Christmas Eve of last year is said to be having negative repercussions, as hackers have leaked the stolen data.

According to the statement released by SEPA on January 14th, 2021, it is suspected that the cyber crooks stole 1.2GB of data from the database before encrypting it.


Terry A'Hearn, the Chief Executive of the Scottish Environmental Protection Agency, has confirmed that services will continue despite the digital disruption and that there is no question of bowing down to the demands of the hackers.

Police Scotland, in association with the NCSC, are investigating the incident, and more details are expected to be out by next weekend.

Hackers spreading Conti ransomware are suspected to be behind the incident, as they have claimed credit for locking down the database of SEPA after dumping the breached data on their blog.

Note: Conti ransomware uses attack mechanisms similar to those of RYUK and has been spreading since May 2020. The only difference is that Conti is developed in such a way that it can only be controlled by a human operator, unlike the automated software seen in other file-encrypting malware. The highlight of Conti is that it blocks the execution of security, backup, database and email solutions. The best way to keep this malware at bay is to keep all applications and operating systems up to date, disable RDP when not in use, and discourage employees from opening unsolicited emails.