About 4,000 stolen files from the Scottish Environmental Protection Agency (SEPA) have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out.
The move was predicted by the agency itself following the Conti criminal gang’s malware attack against SEPA earlier this month.
SEPA had, quite correctly, refused to pay the extortionists to prevent disclosure. It had even predicted how many files the crims would dump online, saying on 14 January: “Nevertheless, it still means that at least four thousand files may have been stolen by criminals.”
The effects of the attack were to knock a few of SEPA’s services offline, although it insisted that its flood forecasting and warning functions were able to continue operating regardless of the disruption.
Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data
Ransomware is malicious software deployed by criminals that encrypts files on a targeted computer network. The criminal operators then demand a ransom in exchange for the decryptor, and enterprising crims target backups as well as production networks, in the hope of destroying the ability for targeted firms to ignore ransom demands.
Some ransomware gangs give themselves nicknames and cultivate a certain public status, in the hope that their marks will, in terror, roll over and pay out with minimal fuss. Some have even gone as far as to issue “press releases” and communicate directly with the press as a means of boosting their notoriety, something infosec blogger Brian Krebs commented on last summer.
Ransoms vary widely but sums measured in millions or tens of millions of pounds are becoming more common, especially as larger and more high profile companies are compromised.
Destroying their business model is the only way to stop ransomware gangs, and SEPA unquestionably did the right thing in refusing to pay. It is also illegal to give money to individuals or organisations on international sanctions lists – certainly in the US and UK. ®