The UK water supplier, South Staffordshire Water fell prey to a CLOP Ransomware attack. Following the attack, the company released a statement mentioning that the exploit had no effect on the systems that distribute water safely.
South Staffordshire Water plc, also known as South Staffs Water, is a UK water supply firm that supplies water to a small portion of the West Midlands, Staffordshire, and other nearby counties in England.
Over 1,500 square kilometers in the West Midlands, South Staffordshire, South Derbyshire, North Warwickshire, and North Worcestershire, South Staffordshire provides drinking water to about 1.3 million individuals and 35,000 commercial clients.
The company was able to offer Cambridge Water and South Staffs Water customers safe water because of the security measures in place. Additionally, South Staffordshire Water reassures its clients that all service teams are working normally, negating any possibility of prolonged disruptions as a result of the incident.
Alongside carefully collaborating with the relevant governmental and regulatory agencies, the company is looking into the issue. The supplier's identity was published to the Clop ransomware gang's Tor leak site along with a claim of responsibility for the attack.
The wrong firm extorted by hackers
The Clop ransomware gang's Tor leak site through a release on their onion website today stated that Thames Water was their target. They claimed to have gained access to SCADA systems that they could control to affect 15 million users.
The hackers contend that they acted appropriately by not encrypting their data and only stealing 5TB from the hacked systems. Further claims have it that they warned Thames Water of its network security flaws. However, after allegedly failing to reach an agreement on the ransom payment, the actors released the first sample of stolen information, which included passport images, screenshots from SCADA systems used for water treatment, driver's license images, etc.
In a statement released today, Thames Water formally refuted these assertions, further asserting that any accusations of Clop breaching its network were "cyber-hoaxes" and that its services were already at capacity. One significant aspect of the lawsuit is that, among the public material, Clop offers a table of usernames and passwords that includes the email addresses of South Staffordshire and South Staff Water.
This incident occurs as eight locations in the UK are enforcing water rationing rules and hosepipe bans because of extreme drought. Due to the extreme pressure that could be placed on water suppliers to pay the demanded ransom, cybercriminals don't choose their victims at random.
However, for this to happen, Clop must target its threats on the appropriate party. However, given the amount of attention the situation has received, it's likely too late for that at this point.