On the heels of a ransomware attack against the Scottish Environmental Protection Agency (SEPA), attackers have now reportedly published more than 4,000 files stolen from the agency — including contracts and strategy documents.
After hitting SEPA on Christmas Eve with the attack, cybercriminals encrypted 1.2GB of information. The attack has affected SEPA’s email systems, which remain offline as of Thursday, according to the agency. However, SEPA, which is Scotland’s environmental regulator, stressed on Thursday that it will not “engage” with the cybercriminals. “We’ve been clear that we won’t use public finance to pay serious and organized criminals intent on disrupting public services and extorting public funds,” said SEPA chief executive Terry A’Hearn in a statement… SEPA’s email and other systems remain down, and “what is now clear is that with infected systems isolated, recovery may take a significant period,” according to the agency in its update. “A number of SEPA systems will remain badly affected for some time, with new systems required…”
The incident also points to ransomware actors evolving from previously destroying critical data or bringing companies’ services and operations to a standstill, to now threatening to disclose sensitive data publicly, Joseph Carson, chief security scientist and Advisory CISO at Thycotic told Threatpost.