A cyberattack has hit a UK water supplier that serves 1.6 million residents, but the ransomware gang responsible may have bungled the extortion attempt.
On Monday, South Staffordshire PLC reported(Opens in a new window) it had suffered a “criminal cyber attack” that had caused a disruption to the company’s IT systems. Fortunately, the company continues to pump clean water to local residents as the UK faces a drought.
“This incident has not affected our ability to supply safe water and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers,” the company wrote in a statement.
South Staffordshire reported the hack after a ransomware gang called CL0P announced it had recently hacked a UK water supplier. The only problem? CL0P claims it hacked a different company called Thames Water—the largest water supplier in the UK.
On Tuesday, Thames Water issued(Opens in a new window) a public statement that called out the ransomware attack from CL0P as a hoax. “We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case and we are sorry if the reports have caused distress,” the company said.
CL0P’s website posting about the ransomware claim against Thames Water.
CL0P didn’t immediately respond to a request for comment. But the ransomware group should have been aware it hacked South Staffordshire and not Thames Water. CL0P’s website on the dark web shows the group stole internal files marked with the name South Staffordshire and emails belonging to the south-staffs-water.co.uk domain. This suggests CL0P may have been trying to extort a larger, more lucrative victim by claiming it had hacked Thames Water, as noted(Opens in a new window) by BleepingComputer.
CL0P’s site also shows the ransomware gang is trying to instill fear about Thames Water’s ability to supply fresh water to millions of UK residents. “People unite and sue this company,” the hackers at one point write. “Sell all stock before collapse.”
Recommended by Our Editors
The same site also claims CL0P could have disrupted the operations at Thames, including changing the chemical composition of the water, but the group refrained from doing so, citing its own ethics. “Cl0p is not political organization and we do not attack critical infrastructure or health organizations,” the group wrote.
In the meantime, South Staffordshire is telling the public it has “robust systems and controls over water supply and quality” to maintain fresh water supplies. Nevertheless, the breach underscores the threat ransomware gangs can pose to critical infrastructure. Last year, ransomware gangs hit US critical infrastructure at least 641 times, according to the FBI. This included targeting healthcare, agriculture, and transportation providers, in addition to water and wastewater management systems.
CL0P’s site goes on to say it stole 5TB of data, including what appears to be scanned copies of passports and ID cards belonging to South Staffordshire employees. South Staffordshire PLC didn’t immediately respond to a request for comment.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
