Glasgow-based Aspire, which works with vulnerable groups across the city, has been targeted by a ransomware gang
A Scottish social care organisation has been hit by a cyber attack.
Aspire, which provides housing services for vulnerable people in Glasgow, discovered last month that it had been targeted by criminals using ransomware.
The incident was believed to have occurred on April 2 and was reported to police a day later, triggering a multi-agency response.
Detective Inspector Michael McCullagh, cybercrime investigations unit, Police Scotland said: “We are investigating a cyber incident at Aspire, Glasgow, which was reported to police on Saturday, 3 April, 2021.
“Enquiries are ongoing and we are working closely with Aspire, their IT support, and the wider UK Cyber Law Enforcement network.
“We are aware of the publication of data and are supporting Aspire to help those affected by the sickening actions of these criminals. This continues in conjunction with Police Scotland’s Cyber Harm Prevention colleagues.”
Ruth McIntyre, chief executive of Aspire, said: “On Friday 2 April 2021, we discovered that Aspire had been the victim of an apparent ransomware attack. We took immediate action to limit the impact, working closely with multiple agencies including Police Scotland and our insurers, who have and are continuing to provide expert support.
"Our focus is now on recovery. Many of our key systems are based in the cloud, so our work on behalf of supported individuals has continued as normal. We have communicated openly and honestly with all stakeholders and colleagues, to let them know the actions we are taking on this matter. As the investigation progresses, we will continue to share information with those most likely to be affected and will give people every opportunity to discuss their concerns with us.
"This attack on Aspire has been a difficult experience but we are a resilient and determined employee-owned organisation, who remain committed to providing high quality support."
The attack is similar in nature to the one carried out against SEPA at the end of last year, however TFN understands that claims that it was carried out by the same group have not been verified.
The information that was accessed is said to include private details of employees’ salaries, personal details of clients in receipt of services and email correspondence between senior members of the organisation.
Jude McCorry, chief executive of the Scottish Business Resilience Centre (SBRC), said it is vital that organisations are aware of the threat of cyber crime. She said: “There are many ways including ransomware a business can experience a cyber security incident, with varying levels of complexity and disruption. Cyber incidents can occur through deliberate targeting, or even human error, the end result is the same, a disruptive effect on business operations.
"At SBRC, we are working in partnership with Police Scotland and Scottish Government running the UK’s first collaborative cyber incident response helpline for organisations in Scotland.
“If you think that you are a victim of a cyber attack your first call should be to Police Scotland on 101 to report the crime (whilst respecting your IT systems as a crime scene) and our incident response helpline on 01786 437472, we will assist you with immediate support and expert guidance, and ensure you are speaking to the correct agencies and organisations to help you feel supported and get you back in operation securely.”
Aspire has been providing housing services for homeless and vulnerable people for almost 20 years, and recently became a wholly employee-owned company.