Tayside fishing businesses have been left in limbo for nearly two months after Sepa was targeted in a major cyber attack on Christmas Eve.
The security breach has left the organisation unable to access a range of services, including its own email servers, since the festive season.
The cyber attack has also left business unable to request permits for work along the river Tay or to see water levels which can give them advanced notice of flood risks.
Claire Mercer Nairn, of Meikleour Fishing, said: “We’ve put in several applications to get permission to do some work which would be good to get done during lockdown.
“But it’s very difficult to get anything from Sepa at the moment.
“For licences it has started to be a problem and I’m worried about the water levels.”
Dr David Summers, director of the Tay District Salmon Fisheries Board, said projects with Sepa on the Tay and Earn had been at a standstill for months.
He said: “There’s been two months of nothing. It’s quite annoying.
“There was a number of projects that we were doing with Sepa before Christmas that we would have expected the consultations to be back by now but we haven’t heard anything.”
The national water body has warned the setbacks could continue for many months.
A Sepa spokesperson said: “The subject of a sophisticated and complex ransomware attack, Sepa is working with the Scottish Government, Police Scotland and the National Cyber Security Centre.
“We’re clear that we won’t use public funds to pay likely international serious and organised criminals.
“The impact on our organisation, systems and services has been significant and recovery will take time.
“We’ve prioritised regulatory, monitoring, flood forecasting and warning services and we recognise and apologise for the impact on some service users as we build these services back.
“Our teams are working as quickly as possible to restore wider services, including public access to river level data, and we’ll continue to provide weekly updates on the status of our services at
They added: “While we have already achieved a lot in the first month, it is likely to take many months to fully recover our capacity to do all of our work.
“We are not the first organisation and, unfortunately, we won’t be the last to be hit by a major cyberattack.
“This hideous crime is becoming more commonplace.
“We are drawing on the experiences of others who have recovered from these attacks, taking the best advice and are committed to providing the best service we can as we take the necessary time to work back to our full capacity.”
The organisation said it had now managed to restore critical services, including immediate flood forecasting and warnings.
It now hopes to focus on the “second step” which would include applications for permits and broader flood warning work.