South Staffordshire Water says it was the target of a cyberattack as criminals botched a blackmail attempt | Science and technology news
South Staffordshire Water “was the target of a criminal cyber attack,” the company has confirmed.
In a statement, it stressed that it “still provides clean water to all of our Cambridge Water and South Staffs Water customers”.
“This is thanks to the robust water supply and quality systems and controls we have in place at all times, as well as the swift work of our teams to respond to this incident and implement the additional precautionary measures we have taken.”
The statement came after a ransomware group called Cl0p claimed to have hacked another water company’s networks.
The group used its dark web site as part of a botched cyber extortion operation, releasing what appeared to be stolen identification documents.
It is not clear how the criminals managed to misidentify the victim company.
In addition to releasing files, the group criticized the company’s security, suggesting that other hackers could enter the network and cause significant damage.
Cl0p typically encrypts files on victims’ computer networks to render IT systems unusable unless victims make an extortion payment, which often amounts to millions of dollars.
In this case, Cl0p claims to have decided not to encrypt the company’s files. Instead, she demands an extortion payment to prevent the stolen data from being released and to explain how she managed to break into the network.
The group claims to be able to access the company’s SCADA (Supervisory Control and Data Acquisition) systems, which is the software used to manage industrial processes such as those found in water treatment plants.
In another unverified claim, denied by South Staffs Water, the racketeers state, “It would be easy to change the chemistry of their water, but it’s important to note that we’re not interested in harming people.”
Most water utilities have sophisticated systems in place to ensure the quality of their water, including multiple controls and balances that are resilient to individual subsystem failures.
Ransomware groups often exaggerate their access to victims’ networks in order to blackmail them, expecting their claims to be reinforced with harmful headlines.
The UK’s National Cyber Security Center (NCSC) advises organisations not to pay extortion payments since they do not guarantee any actions by the attackers and also directly contribute to the success of the criminal enterprise.
Ransomware “biggest online threat”
NCSC Chief Executive Lindy Cameron said earlier this year: “Ransomware remains the number one online threat to the UK and we do not encourage or condone the payment of ransom demands to criminal organisations.
“Unfortunately, we’ve seen an increase in payments to ransomware criminals recently, and the legal sector has a crucial role to play in reversing this trend.
“Cybersecurity is a collective effort and we call on the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”
In his statement, South Staffs said: “We are experiencing a disruption to our corporate IT network and our teams are working to resolve this as quickly as possible. It is important to emphasize that our customer service teams are operating as usual.”
A government spokesman said: “We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC work closely with the company.
“After extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are assured that there is no impact on the continued safe supply of drinking water and the company is taking all necessary steps to investigate this incident.”