South Staffordshire Water Confirms Cyberattack
As the UK recovers from one of its worst droughts, the company was forced to reassure customers that the event had not harmed water supplies.
South Staffordshire Water, a company that provides 1.6 million consumers daily with 330 million liters of drinking water, has confirmed in an official statement that it suffered an IT outage caused by a cyberattack.
The supply of safe water to its customers and those of its subsidiaries, Cambridge Water and South Staffs Water, is unaffected by the disruption of the IT systems, as stated in the notice, since the safety and water distribution systems are still in operation.
“As you’d expect our number one priority is to continue to maintain safe public water supplies. This incident has not affected our ability to supply safe water and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers. This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis.”
Additionally, South Staffordshire Water reassures its clients that all service teams are working normally, negating any possibility of prolonged disruptions as a result of the incident.
Is Cl0p Ransomware Behind the Attack?
The disclosure came after the Cl0p ransomware gang claimed to have hacked a different water utility.
The attackers posted what seemed to be stolen identifying documents on their darknet website as part of an unsuccessful cyber-extortion attempt. It is unclear how the thieves were able to mistake the victim company for another.
Along with disclosing files, the group criticized the firm’s security and warned that other hackers would try to access the network and cause serious harm.
Cl0p often encrypts the data on victims’ computer networks in order to render those victims’ IT systems useless unless they make an extortion payment, which is frequently in the millions of dollars.
Cl0p asserts that in this case, it decided not to encrypt the company’s files. Instead, it is requesting an extortion payment in order to stop the dissemination of the material that was taken and to provide proof of how it gained access to the network.
The group asserts that it has access to the company’s SCADA (supervisory control and data acquisition) systems, which run the industrial management software needed to oversee processes at water treatment plants and other facilities that handle industrial materials.
According to Sky News, South Staffs Water refutes another unsubstantiated assertion made by the extortionists: “It would be easy to change chemical composition for their water but it is important to note we are not interested in causing harm to people.”
Never Pay the Ransom
The majority of water providers have complex systems in place to guarantee the quality of their water, including numerous checks and balances that can withstand the failures of a single subsystem.
For the purpose of extortion, ransomware gangs frequently exaggerate their access to victims’ networks in the hope that their claims will be repeated in negative news stories.
The National Cyber Security Centre (NCSC) of the UK cautions businesses against paying extortion demands because doing so both directly aids the criminal enterprise and does not ensure that the attackers will take any action.