Sepa cyber attack recovery could take years


Scotland's environmental watchdog has said it could take years to fully recover from a cyber attack.

The Scottish Environment Protection Agency (Sepa) had more than 4,000 digital files stolen by hackers on Christmas Eve.

Chief executive Terry A'Hearn revealed it is now building a new IT system from scratch.

Sepa said it had backup systems in place but had so far not recovered all of its environmental data sets.

It rejected a ransom demand for the attack, which was claimed by the international Conti ransomware group. The stolen files were then released on the internet.

The public body restored the majority of its key services, such as flooding forecasting, but is now building new IT systems to run them from.

Mr A'Hearn told BBC Scotland: "I think this is a process that will take a year or two.

"We had reform aims anyway, we were going to build a new IT system progressively over five or six years.

"This is an opportunity we didn't want provided by criminals, but we've decided to fast-track that and will build that in one or two years."

Image caption: Chief executive Terry A'Hearn said Sepa had been subject to a "sophisticated and comprehensive" cyber attack

Mr A'Hearn said there was never any question of paying the ransom, adding: "If we had paid then we would have increased the risk for everyone else."

In April BBC Scotland asked Sepa if it had offline backups of every data set that it was responsible for. The watchdog said the question would be dealt with under freedom of information laws.

Recovering the data

A response to this FOI request is still outstanding but Mr A'Hearn said Sepa was making good progress in recovering its environmental datasets from offline storage.

He said: "Like all organisations we had a variety of ways of backing up, we have recovered the vast majority of our environmental data sets - we're now working on them again on a priority basis."

Part of Sepa's £800,000 outlay on recovering from the cyber attack has involved the hiring of data recovery specialists.

Police Scotland is still investigating the cyber attack and has previously indicated the likely involvement of international serious and organised crime.

Image caption: Cyber expert Jen Miller Osborn said the Conti group, which claimed the attack, has been suspected of being based in Russia

Jen Miller Osborn, of cyber security firm Palo Alto Networks, told BBC Scotland that the Conti group, who claimed the attack, stands out as "one of the more greedy and aggressive groups" in the ransomware world.

She said that Conti is "aggressive in their targeting and researching of victims beforehand" and has hit other public organisations before.

She added: "This attack really shows it is becoming increasingly difficult to protect yourself against these accounts.

"Once they are in it does not take much time before you have a massive incident on your hands."