Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data

Scotland's environmental watchdog has confirmed it is dealing with an "ongoing ransomware attack" likely masterminded by international "serious and organised" criminals during the last week of 2020. "On Christmas Eve, the Scottish Environmental Protection Agency (SEPA) confirmed that it was responding to a significant cyber- …

  1. Anonymous Coward

    How long until we see their private beaver pics getting leaked?

    1. Arbuthnot the Magnificent

      Ha, take my "angry upvote"!

    2. Danny 2 Silver badge

      Actually, 87 beavers have been slaughtered in Scotland with SEPA approval so it would be mondo-porn. SEPA are not fit for purpose. Or even porpoise.

      Here is a poem about it, with the poet's permission:

      Bereaved A poem by Robert Alcock

      1

      Bereft, bereaved,

      the river grieves

      her eager lover,

      her healer, her sculptor.

      Crafty, intelligent,

      in his element

      in her element,

      every behaviour

      a force of nature;

      feverish wielder

      of iron-toothed shovel,

      adze and axe and chisel,

      felling birch and alder;

      willow weaver; builder

      in mud and timber

      of lodge and barrier,

      slowing the flow

      of her too-hasty water,

      catching sediment,

      sifting it, saving it

      for her catchment;

      leaving

      in his wake

      a sunlit lake,

      seeded

      with weed and reed —

      his vegan feast;

      hosting and feeding

      a host of other species:

      newt and salamander,

      moorhen and gander,

      rail and flycatcher,

      vole and trout and otter;

      until with many seasons

      pool is succeeded

      by meadow,

      waders by grazers,

      and he heads to a new

      bend of the river,

      renews his vow,

      his gift to her.

      No longer, now.

      Bereft, bereaved,

      the river grieves

      her spark-bringer,

      her shape-shifter,

      her creator, her saviour.

      2

      His misfortune:

      to be worth a fortune,

      a price on his head,

      prized more dead

      than living,

      as pelt, felt, and scent:

      untold wealth

      bought and sold

      and hoarded

      by unbelievers,

      hearts full of craving,

      dammed with greed

      for silver and gold

      that gleam in the bank,

      never seeing

      the flicker and fold

      of sun-sheen

      on a stream bank.

      They came as thieves,

      trapped and seized,

      misprised, mythologised:

      called him a fish,

      a meatless dish,

      who'd bite off his balls

      before he'd submit;

      and offering up

      their own masculinity

      on the bloody altar

      of a mad divinity,

      drove him

      over the brink

      to extinction.

      3

      Meanwhile,

      across the great water,

      from his stolen fur

      men built

      harbour and fort,

      fought

      a hundred-year war

      for his coat —

      Iroquois, Huron,

      English, Dutch, French:

      the hunters won,

      the rivers wept;

      the men kept

      grasping and killing,

      striving and building,

      until outposts

      were ports,

      forts

      were states,

      and the wealth

      that poured downriver

      was caught

      in the sieve

      of a great city

      where men in tall hats,

      priests of Enterprise,

      prophets of shiny Profit,

      traded and plotted

      in lodge and bourse,

      and laid out

      their main square

      atop his drained pond

      on the island

      hunting ground

      called Manhattan.

      4

      So the builder's pelt

      built a new world

      that soon outgrew his coat:

      grew and grew,

      knowing only

      how to grow.

      Fur fell out of fashion;

      the cities forgot him

      but the river

      never forgot,

      never stopped

      weeping,

      kept bleeding

      silt to the salt sea;

      to a river

      what are centuries?

      Foam floats by endlessly.

      5

      Then one morning

      in spring,

      the river in spate,

      he saunters

      jauntily

      out of a crate.

      No showy reunion,

      no show of emotion

      after their long separation;

      he tastes the air,

      doesn't waste the light,

      starts his search

      for a suitable

      building site.

      Retrieved, delivered,

      reintroduced

      by human beings

      being humane,

      for a change:

      his good fortune, to be

      no longer worth a fortune

      dead, but prized

      as he is, alive

      — by the wise;

      there are plenty

      who don't agree,

      call him a pest,

      call for his head;

      his "protected status"

      a paper-thin wall

      of paperwork.

      He's oblivious,

      to him paper's best

      shredded

      to make a nest.

      They shred it:

      perpetrate

      a legal slaughter,

      eighty-seven dead,

      blood in the water.

      Once again

      men demonstrate

      that they dominate,

      subjugate nature,

      eliminate the neighbour

      whose behaviour

      they can't tolerate,

      even if

      they stand to benefit.

      And the river

      is left

      bereft.

  2. Yet Another Anonymous coward Silver badge

    How much ?

    It might be the cheapest way for taxpayers to get their hands on the "public" data

    1. Anonymous Coward Silver badge
      Holmes

      Re: How much ?

      First time, yes. But then the crooks have a mark who they know is willing to pay out so will come back for another payday again and again.

      You have to draw the line somewhere and morality dictates that it should be at the first instance.

      1. Anonymous Coward
        Meh

        Re: How much ?

        First time, yes. But then the crooks have a mark who they know is willing to pay out so will come back for another payday again and again.

        I'm not sure this works, since the mark will probably improve their security and backup processes.

        1. Kane Silver badge

          Re: How much ?

          "I'm not sure this works, since the mark will probably improve their security and backup processes."

          I wish I still had that sense of innocence.

          1. Anonymous Coward
            Happy

            Re: How much ?

            I wish I still had that sense of innocence.

            It is not innocence - it's just how the world works.

            For example, after a computer security failure cost the company £60 million and 100,000 customers, I imagine the subject gets somewhat more attention at TalkTalk than it did in Dido's day.

            1. Korev Silver badge

              Re: How much ?

              But it got Harding a number of good jobs afterwards; it shouldn't be difficult to Track and Trace what she's been up to...

            2. FIA Silver badge

              Re: How much ?

              I wish I still had that sense of innocence.

              It is not innocence - it's just how the world works.

              I wish I still had that sense of innocence.

              (I believe the popular phrase is 'Some people never learn...').

              1. Anonymous Coward

                Re: How much ?

                They deserve everything they get then. And that doesn't include sympathy.

                Imagine if the NHS got hit again - people would be rightfully furious at the negligence.

                Fool me once, shame on you...

                1. quxinot

                  Re: How much ?

                  Sometimes you learn and still cannot solve the problem because it's not an option.

                  For example, when you are voting against someone instead of for someone, as both choices are bad--you default to voting against the worse rather than for the better.

                  1. Anonymous Coward

                    Re: How much ?

                    Nobody is voting for anything, worst or least worst.

                    The mitigating action is to take security seriously then improve it sufficiently that you don't get hit by the next attempt. No different from everyone else who is already doing so.

                    Raising your security standards is ALWAYS an option.

            3. Kane Silver badge

              Re: How much ?

              "For example, after a computer security failure cost the company £60 million and 100,000 customers, I imagine the subject gets somewhat more attention at TalkTalk than it did in Dido's day."

              In the normal course of things, I would agree, but this is a government agency we're talking about here,

              1. Anonymous Coward
                Pint

                Re: How much ?

                In the normal course of things, I would agree, but this is a government agency we're talking about here,

                I have to agree with you there - with no tangible consequences for failure, there is zero incentive for them to change their ways.

  3. Dwarf Silver badge

    Good

    Don't make it pay for the scammers

    If they are having problems recovering the data, just download it again from the leaked resource.

    1. Anonymous Coward

      Re: Good

      And pray it is still authentic?

  4. Doctor Syntax Silver badge

    Just 1.2Gb? That much is likely to be laid around as duplicate copies somewhere. Did someone get their figures out by a few orders of magnitude?

    1. Martin Summers

      I suspect the crims were disappointed to find that their haul was just an AVI of the reception screen promotional video...

  5. sanmigueelbeer Silver badge
    Joke

    a bheil thu air feuchainn air a thionndadh dheth agus a-rithist [Scottish Gaelic: "have you tried turning it off and on again"]

    1. Anonymous Coward

      that's easy for you to say!

    2. Mark 110

      Not sure turning it off and on again unencrypts files. Bet they tried it though.

  6. MrMerrymaker

    Good

    Starve these crooks of what they do this for - money

    Glad at least this organisation understands paying this is bad. They will learn an infosec lesson here - hopefully - the hard way, but those scammers must not prosper whatever it takes.

    1. frustin

      Re: Good

      yeah, i mean, a freedom of information request and we can get it for free anyway

  7. Bear

    Danegeld

    As Kipling said “once you have paid him the Danegeld You never get rid of the Dane”.

    It’s good to see this happening, and if it happened more often then this scourge would lessen.

    1. steamnut

      Re: Danegeld

      but they do bake exceedingly good cakes...

      1. Anonymous Coward

        Re: Danegeld

        waddabout duh cookies?

        1. Anonymous Coward

          Re: Danegeld

          Mmmmmm, Danish butter cookies...

          1. Brad Ackerman

            Re: Danegeld

            Aren't those the things that come inside empty sewing-equipment tins?

      2. Muscleguy

        Re: Danegeld

        The Russ figured that out wrt the Mongols in the form of the Golden Horde and built the military capacity to resist the blackmailers when they came to collect their tribute. The rest as they say is history.

    2. Doctor Syntax Silver badge

      Re: Danegeld

      Kipling's history wasn't too brilliant. Geld = taxation. It's the geld we never got rid of.

      1. Jonathan Richards 1

        Re: Danegeld

        Kipling didn't invent the word 'Danegeld', though. Danegeld was indeed a tax, levied by Ethelred II to pay off the Vikings with their "Nice little monastery you've got there, be a shame if somebody looted it" business model. Britannica says "the word Danegeld is usually applied to the payments that began in 991 and continued at intervals until 1016"

        If the SEPA had paid off the cybercrooks, then it would indeed have been with taxpayers' money, albeit not raised explicitly for that purpose!

  8. man_iii

    Lemme guess running MSWindows

    If you run Microshat Windoze expect to get hacked.

    Why is it that orgs haven't even bothered to move to a relatively safer desktop environment? Even Android and Chromebooks are probably better than Windblows.

    1. werdsmith Silver badge

      Re: Lemme guess running MSWindows

      If you operate with slack security then expect to get hacked. Regardless of what you are running.

    2. IGotOut Silver badge

      Re: Lemme guess running MSWindows

      Please, leave these conversations on here to the grown ups, stick to Reddit.

    3. TonyJ
      FAIL

      Re: Lemme guess running MSWindows

      "

      Lemme guess running MSWindows

      If you run Microshat Windoze expect to get hacked.

      Why is it that orgs haven't even bothered to move to a relatively safer desktop environment? Even Android and Chromebooks are probably better than Windblows..."

      Probably for the same reasons that you never appear to have bothered to learn English properly: A combination of stupidity, laziness and until now - it got them by and they got away with it.

      1. Jimmy2Cows Silver badge
        Headmaster

        Re: ...you never appear to have bothered...

        Not to nitpick (because, hey, that never happens on El Reg, right?), and I wholeheartedly agree with the sentiment, but given you're rightly pulling up the OP on their fine command of English Shirley the correct grammar is:

        ...appear never to have bothered...

        or

        ...appear to never have bothered...

        And don't call me Shirley.

        1. TonyJ

          Re: ...you never appear to have bothered...

          Reasonable response. I was typing in a hurry whilst trying to multitask. Never a good combination.

          It just amuses me how people expect an argument to be taken seriously with silly name calling in it. Even where there may be a valid argument, it immediately detracts from that and makes it infantile and difficult to treat seriously.

          1. Anonymous Coward

            Re: ...you never appear to have bothered...

            It's very childlike of you to believe that arguments in El Reg forums are taken seriously...

            Or that they matter or make a difference to anything.

            But I guess you can't stop yourself telling other people your opinion, regardless of whether they want to hear it.

            1. TonyJ

              Re: ...you never appear to have bothered...

              "...It's very childlike of you to believe that arguments in El Reg forums are taken seriously...

              Or that they matter or make a difference to anything.

              But I guess you can't stop yourself telling other people your opinion, regardless of whether they want to hear it..."

              You might benefit from learning this, A/C

              Also... you ok? Do you need a hug?

              1. Anonymous Coward

                Re: ...you never appear to have bothered...

                You're mistaken. It isn't irony - I don't care if no one takes any notice.

                And no one needs your fake sympathy. Or your patronising attitude.

                1. TonyJ
                  FAIL

                  Re: ...you never appear to have bothered...

                  Angry little anonymous tosser, aren't you?

                  Every response you've made has dripped irony and you are too stupid to understand no one said you were trying to be ironic! I am going out on a limb and guessing you're an American. Probably still bitter at Trump losing, given the raging anger. You may want to actually follow that link to try and wrap your head around what irony actually means.

                  For anyone with half a brain, it clearly wasn't sympathy of any kind, you dull idiot - it was sarcasm. You really do need to grow up and grow a pair, anony-troll.

                  1. Anonymous Coward

                    Re: ...you never appear to have bothered...

                    LOL.

                    So it's ok for you to accuse others of being infantile because you don't share their lack of respect for what they're talking about, but you're immune to others criticising your beliefs. Yeah, that's irony.

                    And despite your triggered response, I'm afraid I'm English. And not particularly proud of it.

                    1. TonyJ

                      Re: ...you never appear to have bothered...

                      Therein lies the issue. You didn't attack the beliefs. I'm done feeding you. You just want the attention.

    4. bobbear

      Re: Lemme guess running MSWindows

      The real problem component is probably the nut on the keyboard..

      1. Keven E

        Re: Lemme guess running MSWindows

        Monitor-to-keyboard interface error.

        1. IGotOut Silver badge

          Re: Lemme guess running MSWindows

          Computer User Not Technical.

          You're welcome to use that one.

  9. Potemkine! Silver badge
    Thumb Up

    The right attitude

    Paying the ransom makes the victim a likely future target.

    Back up your data, put it outside of your network, test regularly that restoration is working. This may be boring, but it's like fire drills: it can save your ass some day.

    1. werdsmith Silver badge

      Re: The right attitude

      Once bitten the twice shy victim will be a harder target.

      The problem with paying ransoms is that it funds the criminals and encourages them to continue their work.

      1. doublelayer Silver badge

        Re: The right attitude

        "Once bitten the twice shy victim will be a harder target."

        That's a possible outcome, but there are several others. For example, once bitten and it didn't cost much so they're not at all concerned about next time because they can afford to pay that ransom again. Cue the next time when the ransom is significantly larger. Even worse when insurance handles the payment because now they think of it as amortized in normal payments like all the other risks.

        Or the client who pays the ransom to keep data hidden and doesn't realize that the criminals can come back any time to request a top up since there's no way to know if the criminals have destroyed all copies.

        People sometimes get complacent about their ability to handle a risk if they've done it before. This is yet another problem with ransom payments.

    2. Anonymous Coward

      Re: The right attitude

      "Paying the ransom makes the victim a likely future target."

      Utter rubbish.

  10. LDS Silver badge
    Joke

    Good they attacked the wrong SEPA....

    Although I'm sorry for the Scottish EPA.

    Did they believe it was the Single European Payment Area systems?

  11. Cuddles Silver badge

    Serious criminals

    "masterminded by international "serious and organised" criminals"

    In other words, someone clicked on a link in a random spam email.

    1. Anonymous Coward

      Re: Serious criminals

      I still wonder why this happens again and again.

      Some code should be able to block this shit.

      1. Pascal Monett Silver badge

        I'm starting to feel like a broken record but there is : NoScript.

        It blocks JavaScript and, since all malware starts by using JS to download and run the nasty, block JS and the nasty can't get in.

        1. ElPedro100

          Nice idea and I completely agree in principle but what is the point of the web when 99% of the sites simply will not function? Only real way round it is to block all corporate and government networks from having access to the internet or external mail. Yeah right...

        2. doublelayer Silver badge

          "all malware starts by using JS to download and run the nasty,"

          What? Wrong! Do you know how malware works? That isn't done often, and for a very good reason; it doesn't help with any of the tricky bits. JS from websites, where NoScript can block it, can't unilaterally run executables. It is sandboxed. If it can do something malicious inside a sandbox, it will. If it can escape the sandbox, it will try that too. Things like tracking users across sites using sneaky storage, exfiltrating stuff they type onto websites, stealing CPU time for cryptomining, redirecting them to somewhere dodgy, that style of malware. For those and only those reasons, blocking JavaScript on websites is useful.

          Ransomware requires full access to the disk. Not even bad browsers give that kind of access. A JS-laden ad might redirect someone to a download link, but that could be done with an HTML ad too. And those approaches usually don't work as effectively as emailing the file or the link directly, which is probably what happened here. In fact, if you want a script system that is more often used to send malware, it would be Office macros (not JS). Every once in a while, there's a vulnerability like EternalBlue which lets one upload malware directly without any of that, but not using JS. Then, something has to be done in order to get the program running. Often, this involves getting the user to click through the OS's security features or bypassing them using a vulnerability. Since most such vulnerabilities use APIs of the operating system which aren't available to JS, JS is seldom used for such purposes.

          If you think you are saved from malware by blocking JavaScript in your browser, you likely have a flawed understanding of most if not all the relevant concepts.

    2. General Purpose Silver badge

      Re: Serious criminals

      Scammers love anyone who thinks there's only one way to get scammed, and cyber-attackers love anyone who thinks all breaches happen the same way.

  12. Anonymous Coward

    It's a bit pointless targeting the UK public sector for money in this way. They won't pay out. The reputational damage is (to them in charge) worse from paying than having presided over an organisation that allowed this to happen.

    If they were actually doing this to disrupt the operations of SEPA then it makes more sense. And I've heard that there are reasons that individuals (from states where professional cyber attacks are often launched) would like quite a lot of data to disappear.

    Ransomware and extortion might just be a cover

    1. Stuart Castle Silver badge
      Joke

      Maybe we can blame Trump? Isn't he having a little bit of an argument with them over a windfarm that ruins the view from one of his gold courses?

      1. Stuart Castle Silver badge

        And, of course, I meant "Golf", but it's Trump, so "gold" fits just as well.

    2. Franco Silver badge

      Probably wasn't (directly) targeted, just a scattershot email blast hoping to get someone to click the wrong (or right depending on your point of view) link.

    3. Mike 16 Silver badge

      Ransomware as cover

      Bingo! I was waiting for someone to mention that.

      "The state has dropped charges as the evidence against the accused was lost in an unfortunate fire".

      As for offline backups, I recently found out (the hard way) that Apple has been doing their part to discourage backing up to network drives by silently (until it's too late) corrupting backups via Time Machine to networked drives. Possibly why they dropped the Time Capsule (Their own handy networked drive, AP, and kitchen sink), although I do wish they had been a bit more candid about the problem.

      Remember folks "It's not really a backup until you have successfully restored"

      1. Anonymous Coward

        Re: Ransomware as cover

        It would be interesting if an investigative journalist / organisation ran with this and followed the real motivation for starting a "fire" and who would benefit. Maybe the arsonist has already been paid.

        Although I'm not sure there are any investigative types left these days. Panorama certainly doesn't count, whilst the rest of the BBC just publishes press releases and reports whatever comes out of politicians' mouths. And the police - well that would be a conflict of interests...

    4. ectel

      Another reason they won't pay is, Have you ever tried raising a purchase order in a public sector body?

      Has the options paper been developed, with at least 5 options? Has HR been involved in assessing impacts on the workforce? Has anyone worked out what budget code it is going to come from? Have the risks of doing it or not been put on the risk register? Has the options paper been circulated to the right committees? Has it been signed off by the Investment Group (meets bi monthly)? Has Trevor seen it? Has the full business case been worked up? Has estates signed off (even though it is nothing to do with them)? Who is Trevor?

      And so on ad infinitum

  13. Anonymous Coward

    cynical

    Anyone wonder on the use of the word "public" in this statement ? I hope they'll pay them no money .... public or not ....

    1. beaker_72

      Re: cynical

      If a publicly funded body pays out money for anything, it is by definition "public" money. It's very common for such bodies to emphasise this in these kinds of statements so as to be seen to be doing the right thing and not squandering the funds they've received from the public.

      Not sure what else the use of the word could relate to.

  14. Joe Gurman

    People refusing to pay ransomware?

    How will BitCoin continue to soar?

    1. Anonymous Coward

      Re: People refusing to pay ransomware?

      Ransomware isn't causing bitcoin to soar.

  15. JWLong Bronze badge

    1.2GB of data

    I have more than that of big tits redheads p0rn on my phone.

    There's something wrong, somewhere.

    1. This post has been deleted by its author

      1. JWLong Bronze badge

        Re: 1.2GB of data

        Thanks for the upvote. Cat video maybe, pussy is pussy.

        If it's compressed that's one hell of a compression routine, they should market that maybe.

  16. This post has been deleted by its author
