UK water firm potentially wrongly hit by Cl0p ransomware attack

SecurityWeek reports that U.K. water provider South Staffordshire has been hit by a Cl0p ransomware attack, but the ransomware gang has claimed to have breached Thames Water, which is the largest water and wastewater firm in the U.K., on its leak site. Despite naming Thames Water as its victim, Cl0p ransomware has posted files from South Staffordshire as proof of the attack. Files from South Staffs Water, a subsidiary of South Staffordshire, have also been leaked by Cl0p. Thames Water has denied being impacted by a ransomware attack but South Staffordshire confirmed that while its corporate IT network was disrupted by the intrusion, water supply has not been affected. Cl0p ransomware claimed that it was able to exfiltrate more than 5TB of data from its victim after compromising its supervisory control and data acquisition system and other systems, with Cl0p posting screenshots relating to its victim's human-machine interface systems. The legitimacy of the screenshots has been vouched by Radiflow CEO Ilan Barda. "... [W]hen an attacker gains access to such an internal OT computer they can also install a hidden malware that will further spread in the internal OT network and might eventually reach assets in which it can cause real damage," Barda added.