South Staffordshire Water “has been the target of a criminal cyber attack,” the company has confirmed.
In a statement, it emphasized that it “continues to provide safe water to all of our Cambridge Water and South Staffs Water customers”.
“This is due to the robust systems and controls over water supply and quality that we have in place at all times, as well as the quick work of our teams to respond to this incident and implement the additional measures we have taken as a precaution. .”
The statement was released after a ransomware group known as Cl0p claimed to have hacked into the networks of another water company.
Using its darknet site as part of a failed cyber extortion attempt, the group posted what appeared to be stolen identification documents.
It is not clear how the criminals managed to misidentify the victim company.
In addition to releasing files, the group criticized the company’s security, suggesting that other hackers could break into the network and cause significant damage.
Cl0p typically encrypts files on victims’ computer networks to render IT systems useless, unless victims make an extortion payment, which often runs into the millions of dollars.
In this case, Cl0p claims to have decided not to encrypt the company’s files. Instead, it demands an extortion payment to prevent the stolen data from being released and to explain how it managed to break into the network.
The group claims to have access to the company’s supervisory control and data acquisition (SCADA) systems, the software used to manage industrial processes, such as those at water treatment facilities.
In another unverified claim disputed by South Staffs Water, the blackmailers state: “It would be easy to change the chemical composition of their water, but it is important to note that we are not interested in inflicting harm to people.”
Most water companies have advanced systems to ensure the quality of their water, including various checks and balances that can withstand failures of individual subsystems.
Ransomware groups often exaggerate access to victims’ networks for extortion purposes, expecting their claims to be reinforced in malicious news headlines.
The UK’s National Cyber Security Center (NCSC) advises organisations don’t make extortion payments because they do not provide any guarantee whatsoever for the attackers’ actions and also directly contribute to the success of the criminal enterprise.
NCSC’s chief executive, Lindy Cameron, said earlier this year: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone the payment of ransoms to criminal organizations.
“Unfortunately, we’ve seen a recent surge in payments to ransomware criminals, and the legal industry is playing a critical role in helping to reverse that trend.
“Cybersecurity is a collective effort and we are urging the legal industry to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”
In its statement, South Staffs said, “We are experiencing disruption to our corporate IT network and our teams are working to resolve this as soon as possible. It is important to emphasize that our customer service teams are operating normally.”
A government spokesperson said: “We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC are working closely with the company.
“After extensive working with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured that there will be no impact on the continued safe supply of drinking water and the company is taking all necessary steps to investigate this incident.”