The sophisticated ransomware attack on the Scottish Environment Protection Agency (Sepa), which saw criminals demanding payment and the majority data encryption, theft, or deletion overnight, led to the victimization of the Scottish Environment Protection Agency (Sepa).
In a Tuesday report, the Auditor General for Scotland stated that Sepa bosses are still trying calculate the cost of cyberattack. Accounting records have also had to be recreated using bank statements. This left auditors unable examine the company’s finances, including 42 million in contract income.
Sign upSubscribe to our daily newsletter
The i newsletterReduce the noise
Storm Corrie Scotland: Nearly 17,000 remain without power due to Met Office yellow…
Stephen Boyle, Auditor General said that the incident highlighted how no organisation is able to fully defend itself against the threat posed by sophisticated cyber-attacks. It is important that organisations are well-prepared.
Sepa was in an excellent starting position, but it will continue suffering the consequences of this attack for some time to come, stated Mr Boyle. Everyone in the public sector should learn from their experiences.
Sepas cybersecurity reviews have shown that its defenses are strong, but there are indications that ransomware software, which requires payment in cryptocurrency like BitCoin to retrieve the password, got into the network via phishing emails.
Investigators believe that Sepas systems were hacked before the December 24 attack. This allowed hackers to spread the malware, but the source of the attack remains a mystery.
Staff were alerted to the attack and started to isolate the network. However, the attack occurred so quickly that further escalation wasn’t completed until Christmas Eve.
The report revealed that Sepa had followed best practices for backing up its data. However, the sophisticated nature and timing of the attack meant that online backups were compromised at an early stage. This prevented any possibility of quickly accessing historical records.
According to the report, Sepa was able continue to deliver its key services such as flood warnings within 24 hours of the attack, but it was still rebuilding its digital infrastructure 12 months later.
The Auditor General stated that the organisation had many areas of good practice in its reports. These included Sepa’s quick response and business continuity plans that allowed it to continue providing critical services and its open and transparent communication.
Sepa acknowledges that the cyber-attack on the organisation has increased the medium and longer term financial pressures on it. Key systems such as Sepas financial accounting software have been rebuilt. Others are being built from new and data that has been recovered or recreated securely. This will take some time.
Terry AHearn (Sepas chief executive) resigned his position late last month, after the organisation made conduct allegations against him.
Jo Green, the agency’s chief officer, has been appointed acting chief executive. He is being supported and assisted by the management team.