Data stolen from an environmental regulator in Scotland in a cyberattack has now been published online.

The Scottish Environment Protection Agency (SEPA) earlier this month revealed at least 4,000 files containing 1.2GB were stolen in an ongoing ransomware attack that began on Christmas Eve.

SEPA said yesterday that data accessed through the attack has now been illegally published. It said the culprits are “likely to be international serious and organised cyber-crime groups”

The organisation stressed it will not engage with the criminals nor pay a ransom.

The agency said  it does not know, and and may never know the full detail of the 1.2 GB of information stolen.  It said some of it will have been publicly available, while some will not have been.

Staff known to be affected have been contacted and are being supported and a dedicated data less website and other resources have been made available for business and supply chain partners.

The agency stressed firm Police Scotland advice that organisations and individuals should not seek to search for the stolen information, as “accessing the host site may place organisations, individuals and their computer infrastructure at risk.”

Terry A’Hearn, Chief Executive at SEPA, said: “Supported by Scottish Government, Police Scotland and the National Cyber Security Centre, we continue to respond to what remains a significant and sophisticated cyber-attack and a serious crime against SEPA

“We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds”.

The agency also confirmed that priority regulatory, monitoring, flood forecasting and warning services were still operating.