A cyberattack has hit a UK water supplier that serves 1.6 million residents, but the ransomware gang responsible may have bungled the extortion attempt.
South Staffordshire PLC reported it had suffered a cyber attack that had caused a disruption to the company’s IT systems.
This incident has not affected our ability to supply safe water and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers.
South Staffordshire reported the hack after a ransomware gang called CL0P announced it had recently hacked a UK water supplier.
Later by a day, Thames Water issued a public statement that called out the ransomware attack from CL0P as a hoax. “We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case and we are sorry if the reports have caused distress,” the company said.
CL0P didn’t immediately respond to a request for comment. But the ransomware group should have been aware it hacked South Staffordshire and not Thames Water. CL0P’s website on the dark web shows the group stole internal files marked with the name South Staffordshire and emails belonging to the south-staffs-water.co.uk domain.
The same site also claims CL0P could have disrupted the operations at Thames, including changing the chemical composition of the water, but the group refrained from doing so, citing its own ethics. “Cl0p is not political organization and we do not attack critical infrastructure or health organizations,” the group wrote
South Staffordshire is telling the public it has “robust systems and controls over water supply and quality” to maintain fresh water supplies. CL0P’s site goes on to say it stole 5TB of data, including what appears to be scanned copies of passports and ID cards belonging to South Staffordshire employees.