U.K. Water Supplier Hit with Clop Ransomware Attack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.

Meanwhile, the alleged attack perpetrator—the Clop ransomware group—claimed the attack was on another, larger water utility, which for its part indignantly called the claim a “cyber hoax.”

South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, confirmed on Monday that it was the victim of a cyber-attack that did not affect its “ability to supply safe water” to all of its customers, it said in a statement Monday. The company provides water to about 1.6 million consumers daily.

The lack of disruption in water supply was “in thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” the company said in its statement.

South Staffordshire’s IT teams were working to resolve the disruption to the corporate network on Monday, while customer service remained unaffected, the company said.

Victim Misidentified

The Clop ransomware gang took responsibility for an attack on a U.K. water supplier on its dark web site, but said the victim was Thames Water and not South Staffordshire, according to a report posted on Bleepingcomputer. Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city.

Thames Water quickly took to its website to let all of its customers know that any media report claiming it suffered a cyber-attack was completely bogus. In its post, the Clop gang claimed it accessed the company’s SCADA systems.

“We are aware of reports in the media that Thames Water is facing a cyber attack,” the company said. “We want to reassure you that this is not the case and we are sorry if the reports have caused distress.”

Further inspection of stolen data dumped from the attack on the Clop site appears to confirm Thames Water’s assurance, as it includes a spreadsheet of usernames and passwords featuring South Staff Water and South Staffordshire email addresses, according to Bleepingcomputer.

The breached data, published online after ransom negotiations between Clop and its victim broke down, also includes passports, screenshots from water-treatment SCADA systems, driver’s licenses and more, the report said.

Water Supply Under Attack

The incident is among a series of attacks on critical infrastructure that will likely continue as threat actors increasingly focus their cybercriminal efforts against systems that people rely on, which also boosts their chances of successfully extorting victims, noted one security professional.

“In the case of financially motivated attacks designed to get a ransom, wrongdoers have significantly more chances of getting paid by cruelly exploiting people in extreme need,” observed Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, in an email to Threatpost.

The attack in the United Kingdom comes as Europe and other regions are suffering from unprecedented wildfires and catastrophic drought, which can unwittingly bolster the efforts of attacks on critical infrastructure, he said.

“Therefore, [critical infrastructure] operators should prepare for a mounting number of cyber-attacks exacerbated by spiralling natural disasters,” Kolochenko said.

The U.K. attack comes auspiciously on the heels of a dire warning issued by the Center on Cyber and Technology Innovation (CCTI) in June that was focused on water utilities in the United States but could be said of most facilities providing the critical resource.

The center claimed that the inherent lack of cybersecurity preparedness of U.S. water utilities makes them a prime target for attack, with CCTI Chair Samantha Ravich calling water the greatest vulnerability in U.S. national infrastructure.

Last year a glimpse of what could be possible in a successful attack on a water supply occurred when an attacker hacked a water treatment facility in Oldsmar, Fla., and raised the levels of sodium hydroxide, or lye, in the water. An operator quickly noticed the attack and corrected the lye levels in the water before any significant harm was done, but the attack could have been highly dangerous had it not been thwarted quickly, officials said at the time.