UK water supplier reports disruption due to a cyber attack

A company supplying water to 1.6 million consumers daily confirmed the cyberattack

Water supply company suffered IT system outage

Cybercriminals use the sensitive water theme to target companies

A UK water supplier that provides 330 million liters of drinking water to customers daily has released a statement confirming an IT disruption due to a cyberattack. The official report claims that the safety and water distribution systems were not affected and still operate uninterrupted, but the IT systems were impacted.[1] Disruption to supply was avoided thanks to the robust systems and controls over water supply and quality that the company has in place.

The company did not indicate what kind of hack or breach this was or whether a malware infection took place before the IT system disruption. It only said that the investigation continues with the help of government authorities and security agencies:

We are working closely with the relevant government and regulatory authorities and will keep them, as well as our customers, updated as our investigations continue.

The incident was addressed quickly, and additional measures were taken to avoid major issues and critical consequences, as the statement published by the company explains.[2] South Staffordshire Water also reassured customers that service teams and all operations are working as usual, and that there is no risk of outages due to this cybersecurity incident.

The mess caused by Clop ransomware?

It seems the hackers have too much on their hands: recent claims from the Clop ransomware[3] gang stated that their victim, Thames Water, suffered an attack and that the gang's onion site is now going to publish various data from the accessed system. However, the SCADA system that has allegedly been accessed, causing harm to 15 million customers, is not related to Thames Water.

Thames Water is the UK's largest water supplier, serving the River Thames and Greater London areas, but a statement from official sources[4] has disputed the hackers' claims. The system was not corrupted, and operations stayed at full capacity. The Clop ransomware gang says that the company has been informed about the security incident that affected its systems.[5]

According to them, it was not encrypted, but the criminals exfiltrated 5TB from the compromised systems. The negotiations that supposedly took place were unsuccessful, and the payment demanded from the victim was not transferred, so the group released a sample of the stolen details on its site. The information includes screenshots from water treatment SCADA systems, details of passports, and driver's licenses.

Spreadsheet of stolen data links to South Staffs Water instead

The published information listed various details, including a spreadsheet with usernames and passwords. The list includes the email addresses linked with the accounts, and the majority of them are South Staff Water and South Staffordshire email addresses.

Other leaked documents included particular files that were addressed to South Staffordshire PLC but were sent to the different firms that the hackers targeted. The Clop ransomware gang either misidentified its victim or, supposedly, tried to extort money from a few companies at the same time. It is possible that these hackers wanted to go after larger companies using false evidence and make money that way.

The attack exploits the particularly sensitive topic of water at a time when UK consumers are suffering from drought. Eight areas in the country have imposed water rationing policies and even hosepipe bans because of this. Cybercriminals often use such times to target companies and users randomly. The same is happening with the Ukraine-Russia war and happened at the beginning of the coronavirus pandemic.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.