South Staffordshire Water “has been the target of a criminal cyberattack”, the company confirmed.
In a statement, it stressed that it was “always providing clean drinking water to all of our Cambridge Water and South Staffs Water customers”.
“It is thanks to the robust systems and water supply and quality controls that we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place as a preventive measure. .
The statement was released after a ransomware group known as Cl0p claimed to have hacked into another water company’s networks.
Using its darknet site as part of a failed cyber extortion effort, the group released what appeared to be stolen identity documents.
It is unclear how the criminals managed to wrongly identify the victim company.
Along with the release of files, the group criticized the company’s security and suggested that other hackers could break into the network and cause significant damage.
Cl0p typically encrypts files on victims’ computer networks to render computer systems unusable unless those victims make an extortion payment, often stretching into millions of dollars.
In this case, Cl0p claims to have decided not to encrypt company files. Instead, he demands an extortion payment to prevent the leaked data from being disclosed and to explain how he managed to break into the network.
The group says it can access the company’s SCADA (supervisory control and data acquisition) systems which are the software used to manage industrial processes, such as those in water treatment facilities.
In another unverified claim which is disputed by South Staffs Water, the extortionists say: “It would be easy to change the chemistry of their water, but it is important to note that we are not interested in causing harm to people.
Most water companies have sophisticated systems in place to ensure the quality of their water, including multiple checks and balances resistant to the failure of individual subsystems.
Ransomware groups often overestimate their access to victims’ networks for the purpose of extortion, expecting their claims to be amplified in damaging headlines.
The UK’s National Cyber Security Center (NCSC) advises organizations do not make extortion payments as they do not guarantee any action by the attackers and also directly contribute to the success of the criminal enterprise.
Ransomware is the “biggest online threat”
NCSC chief executive Lindy Cameron said earlier this year: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone the payment of ransom demands to criminal organisations.
“Unfortunately, we have seen a recent increase in payments to ransomware criminals and the legal industry has a vital role to play in helping reverse this trend.
“Cybersecurity is a collective effort and we urge the legal industry to work with us as we continue our efforts to tackle ransomware and keep the UK safe online.”
In its statement, South Staffs said: “We are experiencing disruptions to our corporate IT network and our teams are working to resolve this issue as quickly as possible. It is important to emphasize that our customer service teams are operating as usual. ‘habit.”
A government spokesperson said: “We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC are working closely with the business.
“Following extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured that there is no impact on the continued supply of drinking water, and the company is taking all necessary steps to investigate this incident.”