Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity

a-woman-holding-a-glass-of-water-under-a-kitchen-tap

Image: Getty/Kentaroo Tryman

A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm.

South Staffordshire Water says it has been the “target of a criminal cyber attack” which is causing disruption to its corporate IT network, but hasn’t affected the company’s ability to provide safe drinking water to customers. 

“This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” the company said in a statement. 

South Staffordshire Water hasn’t divulged the nature of the cyber attack it has suffered, but the company revealed that it had been targeted by criminal hackers shortly after the Clop ransomware gang claimed to have hit another water company, Thames Water, who say that reports they’ve been breached are a “cyber hoax”. 

“We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case,” the company said. 

“As providers of an essential service we take the security of our networks and systems very seriously and are focussed on protecting them, so that we can continue to provide you with the services and support you need from us”. 

In a statement posted to its leak site, Clop claimed it has spent “months” in the company system. If that’s the case, it’s unclear why the ransomware gang thought it was in the network of Thames Water if it had actually breached the network of South Staffordshire Water — two separate companies that provide water to different parts of the UK. 

SEE: Ransomware: Why it’s still a big threat, and where the gangs are going next

The ransomware hackers also claim to have access to SCADA (Supervisory Control and Data Acquisition) industrial control systems that control chemicals in the water, a claim that South Staffordshire Water refutes. “This incident has not affected our ability to supply safe water,” the company said.

While Clop claims to have access to the network, the gang says it has not encrypted it, claiming “we do not attack critical infrastructure”. Despite that, Clop claims to have stolen more than 5TB of data and is trying to extort a ransom payment in exchange for not releasing it.

It’s currently unclear what sort of ransom demand has been made, or if the demands have been met – particularly if the attackers were apparently trying to extort a payment from the wrong target.

South Staffordshire Water says it’s “working closely with the relevant government and regulatory authorities” and that it will keep them, and customers, updated as investigations into the incident continue. 

ZDNet has contacted South Staffordshire Water and the Department for Environment, Food and Rural Affairs (DEFRA) but is yet to receive a response at the time of writing, while a National Cyber Security Agency (NCSC) spokeperson told us that it’s not possible to comment on an ongoing incident. 

NCSC CEO Lindy Cameron recently described ransomware as “the biggest global cyber threat we still face” and the cybersecurity agency has warned victims not to pay ransoms so as to not encourage further attacks. 

Members of the Clop ransomware gang were arrested in a sting by Ukrainian police last year, but this attack, alongside others, shows that the group seemingly remains active. 

MORE ON CYBERSECURITY

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.