It has been reported that South Staffordshire Water “has been the target of a criminal cyber attack”, the company has confirmed. In a statement, it stressed it was “still supplying safe water to all of our Cambridge Water and South Staffs Water customers”.
Cl0p Ransomware Organization Has Claimed Responsibility
Although South Staffordshire Water withheld information about the breach’s nature, the Cl0p ransomware organization has claimed responsibility.
I guess, sort of. The attackers in this case made a critical error: they failed to remember which organization they broke into.
The extortionists claimed they had violated Thames Water in an internet posting made just before South Staffordshire Water issued its statement.
The criminal organization published stolen documents purportedly verifying the compromise on the dark web. The seized data, however, didn’t support their assertion, raising questions about the accuracy of the attack.
But now that the attack has been confirmed by the victim, there is no longer any doubt.
Will South Staffordshire Water Pay the Ransom?
Concerning whether it will pay the ransom, South Staffordshire Water has not yet made any comments. Experts advise against it, in part because there is no assurance that the offenders will honor their promises after receiving payment.
There is also the moral question, as successful ransom demands encourage other attacks and aid in funding other criminal activities.
South Staffordshire Water can stay out of negotiations entirely if it has reliable backups in place. Instead, it can erase the affected systems and reconstruct them in a secure setting.
Even if it paid the ransom and unencrypted its files, the process would take time and result in further delays.
The Damage Severity
Additionally, South Staffordshire Water may discover that the damage isn’t as severe as it first seems once it conducts further research into the breach. Ransomware organizations frequently exaggerate their claims in an effort to scare victims into paying the ransom.
Initial research indicates that this may have been the situation in this instance. “We are aware that South Staffordshire Plc has been the target of a cyber intrusion,” a government spokesperson stated. The corporation and Defra and NCSC are in frequent contact.
We are reassured that there are no effects on the ongoing safe supply of drinking water following considerable discussion with South Staffordshire Plc and the Drinking Water Inspectorate, and the company is taking all required actions to examine this event.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.