Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack

SEPA was hit by ransomware attack on Christmas Eve Corporate plans and contracts published after organisation refused to give in to ransom demand There’s more bad news for the Scottish Environment Protection Agency (SEPA) which was hit by a ransomware attack on Christmas Eve – a serious security breach that has continued to impact its internal systems and forced its email offline.

The Conti ransomware gang has now published 4,150 files stolen from SEPA on the dark web. Corporate plans, contracts, spreadsheets, and potentially personal information about staff, can be found amongst the haul of files now available for anybody to download with no payment required.

The malicious hackers have released the files that they stole from SEPA before unleashing their file-encrypting ransomware in frustration that the agency refused to pay any money to its extortionists.

Conti, like other notable ransomware gangs, has found that exfiltrating data from its victims and threatening to either sell it to other hackers or release it to the world increases the chance of a pay day. For that reason they, and some other ransomware gangs, run websites that publicise their latest hacks and make the stolen data available – at least for those “clients” who refuse to pay up.

Past victims of Conti have included the industrial IoT firm Advantech, which received a $14 million ransom demand from its attackers, as well as coffee machine maker De’Longi and customer information firm Ixsight Technologies.

The release of SEPA’s data is not that much of a surprise. The agency’s chief executive Terry A’Hearn has made clear in media interviews that it was not prepared to use public funds to pay money to its criminal extortionists.

That certainly isn’t the position of some ransomware victims, who have in the past been criticised by some for giving in to the demands of hackers in the hope of restoring their systems and to prevent the release of stolen data.

I don’t feel comfortable complaining too loudly about companies who decide to make the difficult decision to pay a ransom, as they may feel the only other alternative is to put their organisation, their parents, and workers’ positions in jeopardy. It’s the type of uncomfortable decision no chief executive ever wants to find themselves having to make – and it does, inevitably, encourage the criminal underworld to launch more ransomware attacks, feeding the underworld industry.