In a statement, it stressed that it “continues to provide safe water to all our Cambridge Water and South Staffs Water customers”. “This is due to the robust systems and controls we have in place around water supply and quality at all times, as well as the quick work of our teams to respond to this incident and implement the additional measures we have taken to preventive basis. .” The statement was released after a ransomware group known as Cl0p claimed to have breached the networks of a different water company. Using its darknet site as part of a cyber extortion effort, the group posted what appeared to be stolen identity documents. It is not clear how the criminals managed to misidentify the victim company. Along with the file release, the group criticized the company’s security and suggested that other hackers could break into the network and cause significant damage. Cl0p typically encrypts files on victims’ computer networks to render the computer systems unusable unless those victims make an extortion payment, often running into millions of dollars. In this case, Cl0p claims that it decided not to encrypt the company’s files. Instead, he demands an extortion payment to prevent the stolen data from being made public and to explain how he managed to break into the network. The group claims it can access the company’s SCADA (supervisory control and data acquisition) systems, which are the software used to manage industrial processes, such as those at water treatment plants. In another unverified claim disputed by South Staffs Water, the extortionists state: “It would be easy to change the chemistry of their water, but it is important to note that we are not interested in harming people.” Sophisticated systems Most water utilities have sophisticated systems in place to ensure their water quality, including several checks and balances that are resilient to individual subsystem failures. Ransomware groups often overstate their access to victims’ networks for extortion purposes, expecting their claims to be amplified in damaging news headlines. The UK’s National Cyber Security Center (NCSC) advises organizations not to make extortion payments, as they do not guarantee any action from attackers and also directly contribute to the success of the criminal enterprise. Ransomware ‘the biggest online threat’ NCSC chief executive Lindy Cameron said earlier this year: “Ransomware remains the UK’s biggest online threat and we do not encourage or condone paying ransoms to criminal organisations. “Unfortunately we have seen a recent increase in payments to ransomware criminals and the legal sector can play a vital role in reversing this trend. “Cyber security is a collaborative effort and we urge the legal sector to work with us as we continue our efforts to combat ransomware and keep the UK safe online.” In its statement, South Staffs said: “We are experiencing an outage to our corporate IT network and our teams are working to resolve this as quickly as possible. It is important to stress that our customer service teams are operating as usual.” A government spokesman said: “We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and the NCSC are working closely with the company. “Following extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured that there is no impact on the continued safe supply of drinking water and the company is taking all necessary steps to investigate this incident.”
