17 August 2022

Ransomware gang target UK water supplier but send ransom demand to the wrong company


The Cl0p ransomware gang appears to have breached at least one water supply company in the United Kingdom, but it’s not exactly clear which supplier was hacked.

Cl0p announced on its dark web leak site that it had compromised the systems of Thames Water, one of the UK’s largest drinking water utilities, and allegedly stolen 5TB of data. Furthermore, the threat actors claimed to have access to water treatment SCADA systems and “these systems which control chemicals in water.” After ransomware negotiations reportedly fell through, the gang published a sample of the stolen data, including passports, screenshots from SCADA systems, and driver’s licenses.

However, when security researchers started to analyze the leak, it became clear that the gang may have named the wrong victim, as the published data contained a spreadsheet featuring email addresses belonging to South Staffordshire PLC, another UK water utility.

Thames Water disputed Cl0p’s claims and said that the alleged attack was a “cyber hoax” and denied any breach of its systems.

Meanwhile, South Staffordshire has confirmed it has indeed suffered a hack. In a short statement on its website the company explained that it has experienced disruption to its corporate IT network, but the incident has not affected water supply. The supplier has not shared additional details regarding the breach. The company said it was working with government and regulatory authorities to resolve the incident. 

