Scottish Environment Protection Agency has confirmed that it has been subject to a continuing ransomware attack likely to be led by organised crime groups.
The cyber security attack which has been going on since Christmas Eve resulted in the theft of 1.2GB of data.
A dedicated data loss support website and support line has been set up fr regulated businesses and supply chain partners.
The environmental protection agency said it is working with Police Scotland, the National Cyber Security Centre and Scottish Government to respond to what it describes as “complex and sophisticated criminality”.
SEPA chief executive Terry A’Hearn, Chief Executive of the Scottish Environment Protection Agency, said: “Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident.
“Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
The body has said that with infected systems isolated, recovery may take a significant period.
A number of SEPA systems will remain badly affected for some time, with new systems required, the body said.
Email systems remain impacted and offline. Information submitted to SEPA by email since Christmas Eve is not currently accessible and whilst online pollution and enquiry reporting has now been restored, information submitted in the early stages of the attack is currently not accessible.
Cyber security specialists have also identified the loss of circa 1.2 GB of data, equivalent to a fraction of the contents of an average laptop hard drive. The indications suggest that at least 4,000 files may have been accessed and stolen by criminals.
A’Hearn said: “Work continues by cyber security specialists to seek to identify what the stolen data was.
“Whilst we don’t know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas.
“Some of the information stolen will have been publicly available, whilst some will not have been.”
He added: “Sadly we’re not the first and won’t be the last national organisation targeted by likely international criminals.
“Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”