Hackers Target Scottish Government Agency for a Second Time Following £21m Ransomware Attack
- By David Lukic
- Published: Nov 10, 2021
- Last Updated: Mar 18, 2022
It has been reported that the Scottish Environment Protection Agency (SEPA), which is still recovering from a previous breach, has been targeted by the same hackers in an effort to disrupt its recovery from the last cyber attack.
What happened during the first attack?
SEPA was the victim of a severe criminal cyberattack in December 2020, which rendered the organization's systems inoperable. Ransomware group Conti boldly claimed responsibility while also exhibiting a sample of 4,000 stolen digital assets on their ransomware website.
Despite being "certified to UK Government security standards," the agency confirmed that 1.2GB of data had been stolen and that the group was demanding a ransom to restore access to its digital systems. SEPA, however, did not respond to the ransom demand, and the stolen files were subsequently released on the dark web.
BBC Scotland reported in April this year that a total of £790,000 had been spent on SEPA's response and recovery actions.
Who is the Conti ransomware group?
Conti originally surfaced in late 2019 and has since evolved into one of the most well-known ransomware-as-a-service (RaaS) operations.
Over the last two years, Conti has been one of the most active ransomware operations, affecting several significant corporations, as well as government, law enforcement, and healthcare agencies.
The cybercriminal group has a history of re-attacking previous victims, most of whom are from North America and Western Europe. Using a "big-game hunting" strategy, the ransom sum is thought to be adjusted to the victim, with the group making requests as high as $25 million.
Cybercrime analytics firm Recorded Future ranks Conti, after LockBit, as the ransomware strain responsible for the second-largest number of victims in September 2021.
How did the Scottish Government respond to the second attack?
Following the incident, SEPA commissioned independent audits from Police Scotland, the SBRC, and business advice company Azets. It was during the team's efforts to recover and restore back-ups that the auditors detected that this attack was a "secondary and purposeful attempt to breach SEPA systems."
The audits found that the agency's cyber maturity grade was "high," indicating that advanced defense and detection measures were in place and working properly prior to the assault. SEPA also commented that it regularly tested its emergency response capability and had undertaken a cyber exercise.
SEPA chief executive Terry A’Hearn said,
“The majority of organizations hit by cyberattacks around the world do not publicize much about the attack, and that is their right. We know we have taken an unusual approach, but we are convinced it is the right thing for us to do.”
“We are publishing as much as we can of the reviews so that as many organizations as possible can use our experience to better protect themselves from this growing scourge of cybercrime and have committed to supporting Police Scotland and Scottish Business Resilience Centre in their work on highlighting the support available to organizations to be cyber-ready, resilient, and responsive.”
Detective Inspector Michael McCullagh of Police Scotland Cybercrime Investigations pointed out that the cyberattacks on SEPA and other institutions serve as a stark reminder of the rising menace of international cyber-crime and of the fact that no system is completely safe.