Cyber criminals who stole thousands of digital files belonging to environmental regulator Sepa have published them on the internet.
The public body had about 1.2GB of data stolen from its digital systems on Christmas Eve.
Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group.
Contracts, strategy documents and databases are among the 4,000 files released.
The data has been put on the dark web – a part of the internet associated with criminality and only accessible through specialised software.
Sepa chief executive Terry A’Hearn said: “We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”
The attack locked Sepa’s emails and contacts centre but Sepa said “priority regulatory, monitoring, flood forecasting and warning services were continuing to adapt and operate”.
Sepa said the theft was equivalent to a fraction of the contents of an average laptop hard drive.
Some of the information stolen was already publicly available, but other files, which included data about staff and suppliers, were not.
Where information has been identified to date, staff have been contacted and are being supported.
‘Serve as a warning to future victims’
Brett Callow, of cyber security company Emsisoft, has been tracking the Sepa ransomware attack.
He said: “Conti may well be the work of the same people behind another type of ransomware called Ryuk.
“There are similarities in the code, ransom note and attack mechanisms.
“When the complete haul of data is posted like this, it usually means the group has given up hope of being able to extract payment from the victim or monetise the data in other ways.
“It’s a loss for them. At this point, they’ve lost all leverage and the action is intended to serve as a warning to future victims.”
Det Insp Michael McCullagh, of Police Scotland’s cybercrime investigations unit, said: “This remains an ongoing investigation.
“Inquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response.”
The authorities will be pleased.
It looks like Sepa decided not to play ball with the cyber criminals.
Ransomware is a scourge that is costing organisations billions of pounds and every time a victim pays, it fuels further attacks.
Sadly for Sepa this is far from over.
By the looks of the stash of files that the hackers stole and encrypted, Sepa will have months of work ahead to try to recover important documents and spreadsheets from backups and rebuild their records.
It’s also telling that, according to the hackers’ website, almost 1,000 people have so far looked at the documents.
Who knows what other criminals or hackers are poring over the files right now.
Making the documents open to all means that information can be extracted to potentially be used against Sepa in further attacks or extortion attempts.
It will be months, perhaps even years until the organisation can say it is safe once more and can put this cyber attack behind it.