- While the Clop ransomware gang claims that they have spent months in the system, Thames Water claims that it is a cyber hoax while South Staffordshire PLC admits the incident.
- The ransomware gang claims that they don’t target critical infrastructure and they didn’t encrypt the data, but steal 5 TB of data and demand a ransom.
- Government officials also stated that Defra and NCSC are working closely with the company during the investigation to help the company.
South Staffordshire PLC, the parent firm of South Staffs Water and Cambridge Water, has been targeted in a cyber attack. The company, which provides drinking water for 1.6 million people, reassured its customers that the attack will not affect water supplies. The company also stated that they have systems and controls which allows the implementation of security measures quickly in such situation.
Clop ransomware gang
Although South Staffordshire Water didn’t share the details of the cyber attack that the company suffered, the situation became more confusing. Shortly after the Clop ransomware gang claimed that they hacked a water company, South Staffordshire Water said,
« This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis. »
However, the gang claims that they have hacked into Thames Water, another UK water company. These are two separate companies providing water to different parts of the UK. But the company declined the allegations by saying,
« We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case. As providers of an essential service we take the security of our networks and systems very seriously and are focussed on protecting them, so that we can continue to provide you with the services and support you need from us. »
The Clop ransomware gang claims that they have spent months in the company’s system, thus it can’t be a momentary confusion. It seems like the gang thought it was the Thames Water’s systems they have breached into, but actually, it was South Staffordshire Water’s.
The data is not encrypted
The Clop ransomware gang also stated that they had access to Supervisory Control and Data Acquisition, the system that controls the chemicals in the water but South Staffordshire Water stated that the incident didn’t affect the company’s ability to supply safe water.
The gang claims that they don’t attack critical infrastructure, thus they didn’t encrypt the data but they have stolen over 5 TB of data and aim to extort a ransom payment to not publish it. The company didn’t announce what the gang is demanding but the company is working closely with relevant government and regulatory authorities and the investigation continues.
Government officials also stated that they are aware of the situation and Defra and NCSC are working closely with the company. They also claim that there are no impacts on the continued safe supply of drinking water, and the company is taking all necessary steps to investigate the incident.