The Scottish Environment Protection Agency (SEPA) has warned that it could take a “significant period” of time before systems and services are fully restored after it was hit by ransomware on Christmas Eve.
In a lengthy update late last week, the agency claimed that “a number” of its IT systems will remain “badly affected for some time,” and in some cases will need to be replaced completely.
“The agency confirmed that email, staff schedules, a number of specialist reporting tools, systems and databases remain unavailable with the potential for access to a series of systems and tools to be unavailable for a protracted period,” it continued.
One of these systems is a service for online reporting and enquiries about pollution. Although now restored, any information submitted to the service during the early days of the attack is not accessible.
On the plus side, SEPA said that its main regulatory, monitoring, flood forecasting and warning services continue to operate. Contact center and online self-help services are being slowly restored, including SEPA’s Floodline, 24-hour pollution hotline and environmental event reporting.
However, attackers also stole 1.2GB of data from the agency including information on procurement, commercial projects and SEPA staff, as well as its corporate plans, priorities and change programs. Some, but not all, is thought to have been publicly available.
“Whilst the actions of serious and organized criminals means that for the moment we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1200 staff who day in, day out work tirelessly to protect Scotland’s environment,” said SEPA CEO Terry A’Hearn.
“Sadly we’re not the first and won’t be the last national organization targeted by likely international criminals. Cybercrime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”