A ransomware attack that occurred on Christmas Eve struck the Scottish Environment Protection Agency (SEPA). The agency revealed that its contact center, internal systems, processes and internal communications were all affected because of the attack. Due to damages, email systems, internal systems along with some data products are all down and with no clear recovery timetable. Fortunately, SEPA reassured the people of Scotland that their priority regulatory, monitoring, flood forecasting, and warning services were all still intact. All the proper authorities have been brought together to investigate how the ransomware made its way onto SEPA’s systems. No attacker has yet to be officially named by SEPA, but the Conti ransomware group has released what they say is seven percent of the data that they exfiltrated from the agency on their leak site. In total, it’s likely more than 4,000 files were taken. Some of the data that was stolen includes information about business operations, procurement, projects, and staff.
Analyst Notes
While SEPA’s defenses against ransomware attacks are unknown, its likely they will be bolstering them in the near future. Binary Defense suggests pairing anti-virus solutions with Endpoint Detection and Response (EDR) and a continuous monitoring and response service such as the managed security service that is offered at Binary Defense. This along with other measures like employing phishing training and awareness can give organizations the best chance at defending their data. Having a regular backup schedule and disaster recovery plan are both important for organizations to get back to full operation quickly if an attack occurs.
Source: https://www.bleepingcomputer.com/news/security/scotland-environmental-regulator-hit-by-ongoing-ransomware-attack/