Cyberattacks: a ransomware group may have chosen the wrong target


A water company supplying drinking water to more than 1.6 million people in the UK says it has been the victim of a cyberattack. But the cybercriminals involved claimed to have attacked… a competing company.

South Staffordshire Water claims to have been the “target of a criminal cyberattack” which is disrupting the company’s IT network. The attack did not, however, affect its ability to provide drinking water to its customers.

The company explains in a press release that its services have not been interrupted thanks to “the robust systems and controls on water supply and water quality that we have in place at all times, as well as the work of our teams to respond to this incident and implement the additional measures we have put in place as a precaution.”

Like two drops of water

While South Staffordshire Water has not disclosed the nature of the cyberattack it suffered, it revealed that it was the target of hackers shortly after ransomware group Clop announced it had hit another water company, Thames Water. The latter, however, says that this information is false.

“We heard in the media that Thames Water would be facing a cyberattack. We want to reassure you: this is not the case,” the company said.

“As providers of an essential service, we take the security of our networks and systems very seriously and are focused on protecting them, so that we can continue to provide you with the services and support you need.”

Data theft

On its leak site, Clop claims to have spent “months” in the company’s system. If so, it’s unclear why the ransomware gang thought they were in the Thames Water network if they had in fact penetrated the South Staffordshire Water network, as these are two separate companies supplying water to different parts of the UK.

The cybercriminals also claim to have access to Supervisory Control and Data Acquisition (SCADA) industrial control systems, which monitor chemicals in water. South Staffordshire Water refutes this assertion: “this incident has not affected our ability to provide safe water”.

While Clop claims to have had access to the network, the group says it did not encrypt it, specifying that it does “not attack critical infrastructures”. Despite this, Clop claims to have stolen more than 5TB of data and attempted to extort a ransom in exchange for the non-disclosure of this data.

A ransom sent to the wrong target?

It is unknown at this time what type of ransom was demanded, or if the demand was met – particularly if the attackers tried to extort payment from the wrong target.

South Staffordshire Water says it is “working closely with the relevant government and regulatory authorities” and will keep them and its customers informed as investigations into the incident continue.

“We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC are working closely with the company,” a UK government spokesperson told ZDNET. “Following extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured that there has been no impact on the continued supply of drinking water, and the company is taking all necessary steps to investigate this incident.”

ZDNet has contacted South Staffordshire Water, but the company had not responded at the time of writing. The national cybersecurity agency, the NCSC, told us that it was not possible to comment on an incident in progress.

Clop still active

Lindy Cameron, head of the UK’s National Cyber Security Centre (NCSC), recently called ransomware “the biggest global cyber threat we’ve ever faced”. The British cybersecurity agency also advised victims never to pay the ransom, as doing so risks encouraging new attacks.

Members of the Clop ransomware group were arrested in an operation by Ukrainian police last year.

But this attack, and others, show that the group apparently remains active.

Source: ZDNet.com




