The Scottish Environmental Protection Agency (SEPA) was struck by a ransomware attack on Christmas Eve 2020 that shut down its internal networks.
This affected a major part of its systems, including the contact centre, many internal systems, processes and internal communications.
Some experts believed that the attack had all the hallmarks of Russian organized cybercriminals, but that wasn’t proved.
A significant amount of data was stolen, including business information, procurement information, commercial operations and employee data.
The attack used Conti malware, and some 20 files of confidential data were leaked on a Conti leaks site to push SEPA into paying the ransom.
SEPA involved the Police, the Scottish government, the National Cyber Security Centre and recovery experts to assist with removing the ransomware from its systems and recovering as much of its data as possible.
SEPA prioritised the services most needed by the public and it took weeks for them to get back to fairly normal operations.
It is believed that they did not pay any ransom.
The lesson is clear – take better cyber precautions and always have off-site backups of everything important.
If you have any experience with this ransomware, do let me know by email.