Scotland’s environmental watchdog has spent nearly £800,000 on its response to a major cyber attack, new figures show.
The Scottish Environment Protection Agency (Sepa) had more than 4,000 of its digital files stolen by hackers on Christmas Eve.
The files were released on the internet when Sepa refused to pay a ransom.
The public body has warned it could be next year before its systems have fully recovered from the attack.
Figures released to BBC Scotland under freedom of information laws show a total of £790,000 has been spent on Sepa’s response and recovery actions so far.
This includes £458,000 on stabilising the watchdog’s business IT platform.
Sepa has restored the majority of its key services, such as flooding forecasting, but it is expected a full recovery from the attack will take up the remainder of 2021-22.
Terry A’Hearn, Sepa’s chief executive, said: “Whilst we initially lost access to our data and systems, what we didn’t lose was the expertise of our 1,200 staff.
“Since Christmas Eve, teams across the agency have been working flat-out to support our people, partners and customers and to restore our systems services as quickly as possible.
“Our clear recovery strategy is gradually seeing systems being restored. By Easter, over 70% of staff will be back online and we’re engaging data recovery specialists and are confident that we will recover the most important data.”
Sepa rejected a ransom demand for the attack, which was claimed by the international Conti ransomware group.
Contracts, strategy documents and databases were among the 4,000 files released.
The data has been put on the dark web – a part of the internet associated with criminality and only accessible through specialised software.
Some of the information stolen was already publicly available but other files, including data about staff and suppliers, was not.
Sepa told BBC Scotland a total of 54 people had been in touch to ask if their data was among the files stolen. This includes 27 current and former staff members.
Police Scotland is investigating the crime and has previously indicated the likely involvement of international serious and organised crime.
Det Insp Michael McCullagh said: “Police Scotland is continuing to work closely with Sepa to investigate and provide support in response to this incident.
“The actions of the criminals behind this crime show a blatant disregard for public safety, evident in this sickening attack on an organisation like Sepa. This type of crime and its impacts can be significant.
“I would urge caution in the viewing and downloading of any data published by cyber criminals. The likelihood of those files being infected and making you their next victim is high.”