back to article Scottish enviro bods shrug off ransomware gang's extortion attempt as 4,000 files dumped online, saying it's nothing big

About 4,000 stolen files from the Scottish Environmental Protection Agency (SEPA) have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out. The move was predicted by the agency itself following the Conti criminal gang’s malware attack against SEPA earlier this month. SEPA had …

  1. Dwarf

    Thank you

    For doing the right thing and not paying the scumbags.

    1. Headley_Grange Silver badge

      Re: Thank you

      I've sometimes wondered what would happen if a country made it a criminal offence to pay ransoms for cybercrime attacks like this. I wounder whether the crims give up cos they know they wouldn't get paid or would they assume that because they are happy to be crims then everyone else will be and pay up any way.

      1. Flywheel

        Re: Thank you

        Knowing the way the useless "justice" system works in this country, they'd be let off with a caution as it was "a first offence". Sigh...

      2. Pascal Monett Silver badge

        Probably the same thing that happened in the US when it made a federal crime to pay kidnapper ransom money.

        There's a lot less kidnapping for ransom these days in the US.

  2. Anonymous Coward
    Anonymous Coward

    Let me guess..

    .. they were running Windows?

    I'm just posting to up my downvote count, because stating the bleedin' obvious tends to seriously offend Redmond & friends.

  3. Danny 2

    Bile yer heid

    ...is actually a very mild Scottish rebuke. Bear in mind our top veterinary college is called the Dick Vet, or the 'Royal (Dick) School of Veterinary Studies'. It was the Royal School of Veterinary Studies in 1823, but then someone drew a penis on their sign after Royal, and they reckoned, 'aye, we're having that'.

    Disclaimer: Actual history may no be as guid.

    1. Kane
      Thumb Up

      Re: Bile yer heid

      "Disclaimer: Actual history may no be as guid."

      Willy Dick.

      Love it.

  4. beast666

    Open Environment Initiative

    4000 files containing what?

  5. Neil Barnes Silver badge

    How long, I wonder

    Before files are encrypted as a matter of course? The only time it should be decrypted is when it's being worked on... There's a certain amount of satisfaction, I feel, in saying 'publish and be damned' in the knowledge that what is published is still invisible to most.

    Certainly some (many?) companies these days require that files are stored on central servers - on premise or cloudy - if only for compliance or backup reasons. How difficult to encrypt on write?

    (I'm probably missing something stunningly obvious; this sort of thing isn't my day job. I'm happy to be educated.)

    1. Woza
      Boffin

      Re: How long, I wonder

      Disclaimer: I work for a company active in this area.

      Filesystem encryption is common these days - bitlocker on Windows, or Veracrypt, or the Linux alternatives, etc. But that's not going to help if scumbags are logged into your system because they then see the same view of the files as you do, they're inside the file system.

      There are also ways to do application level encryption, which is what you're suggesting. There are tools that will plug into Word, for example, and encrypt/decrypt stuff between Word and the disk. The problem is that this needs to be implemented on a per application basis - if your favourite CAD software doesn't have a plug-in for your chosen encryption software, you're short on luck. You also need to be careful with configuration - for example, ensuring temporary backup files created by the application are also encrypted.

      Depending on your paranoia level, you also need to worry about swap files, which can contain unencrypted snapshots of files resident in your application's memory.

      Finally, there's a kind of middle ground where you manually encrypt / decrypt files as needed - either on a per-file basis or in a container like Veracrypt. But that is less convenient for day-to-day workflow.

      1. Neil Barnes Silver badge

        Re: How long, I wonder

        This was kind of what I wondered. Thanks for the explanation.

        As always, the convenience vs security tradeoff. Might one expect this sort of data grab for ransom to be mostly via compromised (senior) user accounts? Or are we looking at 'oops, left the database world+dog visible'? Or a combination?

        Hey if it were easy...

  6. Michael Hoffmann Silver badge
    Thumb Up

    Takes me back

    Many, many moons ago, I worked for the US Antarctic Program. Somehow Romanian hackers had managed to break into a number of science systems at the South Pole and download gigs of data. No mean feat seeing as the station had limited capacity via satellite links that were only up around 8-11 hours per day.

    The fun part was that they were trying to blackmail the NSF with releasing that data as well! This was before ransomware as we now know it. Also, this was around the time of the X-Files movie, if anybody remembers that. You know the one with the secret alien base on the South Pole? From the communication it was clear the Romanians thought that we either pay or they would dump the files and publish The Truth (That Is Out There).

    What it actually was, was hundreds of gigabytes of atmospheric and astrophysical data (google ICECUBE and AMANDA projects), which, like all science data, was merely embargoed for 2 years so that the principal investigators and their teams could publish findings first, seeing as it was *their* work. Afterwards it becomes public anyway. So yeah, hacking scientific institutes and threatening to ransom their data is not really a lucrative income stream - it's going to be published anyway!

    Oh, and through cooperation of the FBI and Interpol, AFAIR, they arrested the guys.

    The best part: it got me a 6 week sojourn to McMurdo and South Pole, the closest I'll ever get to space travel (speaking in terms of hostile environments where only few people have ever gone). Those memories will stick with me for life, so, mulțumesc, baieti!

  7. aregross
    Thumb Up

    So if you wait long enough, they'll cough your files out onto the interwebs? Why not just copy them back... Viola!

    1. Robert Carnegie Silver badge

      They may mutilate your data before releasing it publicly. So all those scientific records for instance that prove the ozone layer hole... won't anymore.

      1. AndrewB57

        If said hackers had the science, maths knowledge and data skills to understand and manipulate the records sufficient to fool the rest of the scientific community I doubt they'd be hacking into others' databases for loose change.

        Lucrative careers in banking await

  8. steamnut

    Bonus?

    That's 4,000 files less to try and restore.

  9. man_iii

    Stop using windows for stuff

    As many many Redmond fanatics like to foam at the downvotes button. .. STOP USING WINDBLOWS MICROSHIT SOFTWARE

    Petya nonPetya WannaCry and countless ransomware scumbags are enabled by using Windblows shiteware. Stoo it!

    1. Shufflemoomin

      Re: Stop using windows for stuff

      "Winblows"? Are you 13?

    2. DryBones
      Holmes

      Re: Stop using windows for stuff

      Windows has the largest installed base. You shoot at the big target, not the little target.

      If I have to explain this to you again, you're going to be invoiced for it.

    3. IGotOut Silver badge

      Re: Stop using windows for stuff

      Ok, feel free to write the millions, of often bespoke pieces of software out there to run on your chosen OS, then we'll take a look.

      Until then, leave running a business to the grown ups.

    4. hoola Silver badge

      Re: Stop using windows for stuff

      And as an alternative what exactly do you suggest that is a drop-in replacement, endpoint to server, authentication & management?

      Then add in supporting all the required applications, compatible with all the agencies they need to work with.

      Ahh, a (free) version of Linux and Libre Office, that will fix everything......

      Just screaming "why do people still use Windows" with the implication that Open Source & Linux are the answer to everything the does not address the underlying problems.

  10. Anonymous Coward
    Anonymous Coward

    They might be shrugging off the file disclosure but an awful lot of damage has been done to SEPA. They'll not be back up and running properly for a long time.

  11. Big_Boomer Silver badge
    Mushroom

    I work for a medical tech company and we see hospital ransomware attacks 3-5 times per year on average. They are 99% caused by someone clicking a link in a phishing email and their compromised PC then gives an "in" for the hackers who escalate and run their ransomware. We see it often enough that we actively recommend to our customers to check their backups regularly and keep copies elsewhere, ideally offsite. The 1% are caused by someone plugging an infected USB stick into a PC that either has disabled or very outdated AV.

    As for the anti-Windows brigade,... grow up. The most used desktop OS is Windows (77%), therefore most companies write their software for Windows, therefore most hackers target Windows. 20 years ago Linux/Unix was inherently more secure than Windows but time has moved on and Windows is now much more secure. The only serious threat to Windows dominance in the desktop market is OSX at 18% and those are almost all media companies. Linux/Unix at 2% of desktop OSes is a drop in the ocean. Unix has been around forever in various flavours and Linux has been around for 28+ years and while they have their place in the market, the office desktop seems not to be it (outside of OSX) and all your monotonous whining about Windows over the years has not and will not change that any time soon.

    1. gerryg

      You were doing OK right up until the proof by waving your hands, viz, "20 years ago Linux/Unix was inherently more secure than Windows but time has moved on and Windows is now much more secure"

      I'm fairly sure a properly managed Windows environment can be made fairly secure. I'm fairly sure that with enough effort a *nix environment can be made fairly insecure.

      It's just that with the former you have to make things stop happening and in the later you have enable things to have them start.

      1. Big_Boomer Silver badge

        I never meant to say the Windows was more secure than Unix/Linux. I should have ended that sentence with " than it used to be." My bad! :-)

        The biggest problem with security is that you can secure anything but at some point someone has to access/use it, and that is where all the security under the sun fails. So, you mitigate it as best you can and plan for the worst case scenario.

  12. unbender
    FAIL

    No backups it would seem

    The report would suggest that they were relying on simple cloud replication instead of an actual backup system. Attack on the 24 Dec, backup corrupted the following day.

    100% data loss.

    https://www.audit-scotland.gov.uk/uploads/docs/report/2022/s22_220201_scottish_environment_protection.pdf

    Seems to have been rotting from the top https://www.bbc.co.uk/news/uk-scotland-60087226

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like