Updated on 2022-12-04
U.K. water supplier hacked: Not a great week for the 1.7 million customers of South Staffs Water and Cambridge Water in the U.K., whose parent company has confirmed a breach of customer bank details — though it’s not saying how many customers are actually affected (assume the worst). The water supplier is just coming clean now, months after the alleged ransomware hit its network in August, which we know because the ransomware group in question, Cl0p, claimed at the time that it had hacked the wrong victim. Read more:
- Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack
- South Staffs Water reveals data hack
Updated on 2022-12-02
British water supplier South Staffordshire Water recently notified that a Cl0p ransomware attack in August potentially compromised the bank details of its customers. Read more: Ransomware group may have stolen customer bank details from British water company
Updated on August 2022: Ransomware group claims access to water systems
Moving on. A case of mixed identity this week when the Cl0p ransomware group claimed a U.K.-based water company as its latest victim. But just one problem: they listed the wrong company. Cl0p said on its Tor leak site it hit Thames Water, which serves about a quarter of the U.K. population in the south of England. But actually, South Staffs Water, which serves 1.6 million people, released a statement saying it was targeted but only its corporate IT network was affected. Cl0p claimed to steal passports, driver’s licenses, and credentials, as well as screenshots of systems.
Among the usual stuffs like passport photos and etc, Clop ransomware gang published these screenshots in the leak page for Thames Water…
👀
🤔 pic.twitter.com/hqrPzekqbZ— MalwareHunterTeam (@malwrhunterteam) August 15, 2022
When attribution goes wrong!@Daily_Express appears to miss attribute a breach to @thameswater ! the actual victim appears to be another organisation!
CLOP #ransomware actor writes the wrong org name!#ThamesWater #NotHacked #Breach #Cyber #Incident #Cyber #Threat #Intel #CTI pic.twitter.com/DBprinK8hK
— mRr3b00t – staying here! 🤣 (@UK_Daniel_Card) August 15, 2022
Read more in
- Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack
- Important statement
- UK water company confirms cyberattack after confusion over ransomware group threats
Updated on May 2022: Cl0p returns
NCC Group is reporting a surge in activity from the Cl0p ransomware gang, with the group listing 21 new victims on its leak site over the past month. Prior to April 2021, the gang had greatly reduced its operations after several of its members responsible for money laundering were detained in Ukraine in June 2021.
Overview: Ukrainian Police Arrest Alleged Ransomware Operators
Police in Ukraine, with help from US and South Korean law enforcement agencies, have arrested six alleged members of the Cl0p ransomware group. Police also seized cash, computers, and automobiles. Cl0p’s recent targets include the University of Maryland, the University of California, and Stanford University Medical School.
Note:
- Great news and good to see another take down like this in Ukraine. Eliminating safe havens for cyber crime will go a long way to reducing and limiting the impact of these groups.
- Effective supranational law enforcement is essential to discouraging what, in its absence, will continue to be seen as a crime.
