Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.

Uk man hole cover
Source: keith morris via Alamy

South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would release data it has stolen from the utility unless Thames Water paid up.

The problem? Thames Water wasn't breached. 

Apparently, Clop got its UK water companies confused. 

South Staffordshire serves about 1.6 million customers and recently reported that it was targeted in a cyberattack and was "experiencing a disruption to out corporate IT network and our teams are working to resolve this as quickly as possible." It added there has been no disruption on service. 

"This incident has not affected our ability to supply safe water, and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers," the water company said. 

Meanwhile, Thames Water, the UK's largest water supplier to more than 15 million people, was forced to deny it was breached by Clop ransomware attackers, who threatened they now had the ability to tamper with the water supply, according to reports. 

"As providers of critical national infrastructure, we take the security of our networks and systems very seriously and are focused on protecting them, so that we can continue to provide resilient services to our customers and the environment,” the larger water company told the UK Mirror

While Clop seems to have its records all wrong, both water utilities mounted capable responses to the ransomware group's attack on critical infrastructure, according to Edward Liebig, global director of cyber ecosystem at Hexagon Asset Lifecycle Intelligence. 

"I’m impressed by South Staffordshire Water’s ability to defend against the cyberattack in the IT systems and buffer the OT systems from impact," Liebig said. "And had Thames Water not done an investigation of the 'proof of compromise,' they may very well have decided to negotiate further. In both instances, each organization did their due diligence."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights