Cyber Criminals Publish More Than 4,000 Stolen Sepa Files

Cyber criminals who stole thousands of digital files belonging to environmental regulator Sepa have published them on the internet, the BBC reports. The public body had about 1.2GB of data stolen from its digital systems on Christmas Eve. Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group. Contracts, strategy documents and databases are among the 4,000 files released.

5 Expert Comments
Hugo Van den Toorn, Manager, Offensive Security
InfoSec Expert
January 25, 2021 9:06 am

As you are dealing with individuals, or collectives of people, with very little ethics you cannot trust them to not blackmail you again after they digitally broke in and stole your data already. So although paying ransom may seem like an ‘easy way to recovery’, you can never be certain to ever regain access to your files and your network will always remain a hostile territory. Even paying the ransom would not have guaranteed that the information would not get leaked, or that a higher ransom amount is asked at a later stage.

However painful the recovery may be, this seems like the right response by SEPA. It probably has been a difficult decision, but it might very well be the safest way forward: to start from scratch, slowly recover from backups and ensure things are set up securely.

Stuart Reed, UK Director
InfoSec Expert
January 25, 2021 9:04 am

Great credit should be given to Sepa who followed the ‘gold standard’, set by Norsk Hydro in 2019, by refusing to pay hackers while remaining completely open and transparent with the outside world, its staff and suppliers.

Continuing an open dialogue with stakeholders in the coming days will rightly be a key priority. However, now that the worst has happened, and Sepa’s files are in the public domain, the organisation must focus on shoring up its defences and refreshing its cybersecurity practices. A well-handled breach is praiseworthy, but should hackers breach the organisation for a second time, the tide of public sentiment could turn against Sepa, particularly if any sensitive personal data became exposed. Adopting a layered approach to security, deploying well-trained people, refined processes and fit-for-purpose threat detection and response technologies, can hugely reduce the risk posed by malicious actors, while minimising the impact of a breach should one occur. With these pillars in place, Sepa’s employees, partners and governing bodies can be confident that the organisation is fulfilling its obligations and duty of care.

Jake Moore, Cybersecurity Specialist
InfoSec Expert
January 25, 2021 9:01 am

Companies are often stuck between a rock and a hard place when it comes to ransomware demands, but it bodes well in the long run to stay firm and not pay. Being honest with customers and the public is a far better way out and it halts the funding of future cybercrime, which is not showing any signs of slowing down. By publishing the data on dark web forums it suggests the threat actors have tried all they can to make money from it. However, this may not halt other cybercriminals from trying their luck with the data should they be able to decrypt it.

James Smith, Principal Security Consultant and Head of Penetration Testing
InfoSec Expert
January 25, 2021 8:59 am

Any company that finds itself victim to ransomware is in a difficult situation. If they pay, in theory, they regain access to their data and systems and business can continue. If they don’t pay, they run the risk of details being shared online.

However, even if they do pay there’s no guarantee they’ll actually get access restored. More often than not, making a payment won’t do anything at all, and instead just leave companies out of pocket and with more malware infections to deal with. There’s also no guarantee the data hasn’t been stolen already, before it was encrypted. This is happening more and more and the likelihood that the data will be sold or stored by the hacker is great. Then of course there are the wider ethical considerations about paying attackers who could use the money to fund other criminal enterprises.

The only way to avoid these scenarios is to have the right security measures in place to stop them occurring, such as replicating data, having off-site backups and segregated networks. Then the likelihood of having to answer the “pay or not pay” question is greatly reduced.

Paul (PJ) Norris, Senior Systems Engineer
InfoSec Expert
January 25, 2021 8:55 am

We see endless streaks of headlines about ransomware, but underlying each of these incidents is a set of conditions that allowed that ransomware to take hold. The Conti ransomware traverses networks using a variety of techniques, including taking specific actions to avoid detection. Asking for ransom is literally the last thing the ransomware does.

Remember, ransomware is only successful when victims actually pay the ransom. It might seem like a simple solution to the ransomware problem is to stop paying the ransom, but that’s easier said than done when your data, and your business, is being held hostage. The best protection against ransomware is a good set of backups and the ability to restore systems quickly.
