The Scottish Environment Protection Agency (Sepa) confirmed it was continuing to respond to an ongoing ransomware attack, probably by international serious and organised cyber-crime groups.
The agency was subjected to a “complex and sophisticated” cyber attack on Christmas Eve.
The agency also confirmed the theft of 1.2GB of data, which suggests around 4,000 files may have been accessed and stolen by criminals.
Sepa reassured the public that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.
Terry A’Hearn, Sepa chief executive, said: “Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with Sepa, the Scottish Government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident.
“Sadly, we’re not the first and won’t be the last national organisation targeted by likely international criminals
“Partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
The agency added that recovery may take a significant amount of time, with some systems remaining badly affected for some time.
Mr A’Hearn added: “We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously, which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cybersecurity professionals day and night since Christmas Eve.
“Work continues by cybersecurity specialists to seek to identify what the stolen data was.
“Whilst we don’t know and may never know the full detail of the 1.2GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas.
“Some of the information stolen will have been publicly available, whilst some will not have been.
“Sadly, we’re not the first and won’t be the last national organisation targeted by likely international criminals.
“Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”