South Staffordshire Water Targeted by Cyber Attack

South Staffordshire Water has announced that it has fallen victim to a cyber attack.

The criminal hackers claimed to have access to the organisation’s SCADA systems, which control industrial processes at treatment plants.

“It would be easy to change chemical composition for their water but it is important to note we are not interested in causing harm to people,” the group said.

South Staffordshire Water confirmed the breach in a statement but rebuffed the criminals’ claims that they could poison water supplies, insisting that it is “still supplying safe water to all of our Cambridge Water and South Staffs Water customers”.

The cyber attack comes amid a water crisis in the UK because of an ongoing drought. Residents are being urged to reduce the amount of water they use, while several water suppliers have imposed hosepipe bans.

Meanwhile, the UK Environment Minister, George Eustice, told water companies last week to take precautions to protect supplies.

He highlighted the need to fix leaking pipes, with the country losing almost 2.4 billion litres of water per day due to leaks.

“I have urged them to take any precautionary steps needed to protect essential supplies as we go into a likely very dry autumn,” Eustice said in a statement. He added: “All water companies have reassured me that water supplies remain resilient across the country.”

It’s therefore easy to see why a water supplier would make an excellent target for a cyber attack. South Staffordshire Water was reportedly infected with ransomware, which is a type of malware that encrypts the victim’s files and essentially locks them out of their systems.

Once this has happened, the ransomware will display a message demanding that the victim make a payment to regain access to their files.

For an organisation that is already under fire for leaking water in the middle of a drought, it would be easy to quietly pay up in the hope of avoiding a major scandal.

Fortunately, South Staffordshire Water has reported the incident and an initial investigation suggests that the damage is less extensive than first feared.

It credits this to “the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis”.

Cyber criminals bungle their attack

Although South Staffordshire Water didn’t disclose the nature of the breach, the Cl0p ransomware group has taken credit.

Well, sort of. In this case, the attackers made a crucial mistake: they forgot which organisation they breached.

Shortly before South Staffordshire Water released its statement, the extortionists posted online that they had breached Thames Water.

The criminal gang posted stolen documents on the dark web supposedly verifying the compromise. However, the stolen information didn’t match their claim, casting doubt on the veracity of the attack.

With the actual victim now confirming the attack, that uncertainty is resolved.

South Staffordshire Water has not yet commented on whether it will pay the ransom. Experts advise against it, partly because there is no guarantee that the criminals will keep their word once they have been paid.

There’s also the moral issue, with successful ransom demands spurring further attacks and helping to fund other criminal enterprises.

If South Staffordshire Water has robust backups in place, it can avoid negotiating altogether. It can instead wipe the infected systems and rebuild them in a safe environment.

The process will take time and lead to continued delays, but that would be the case even if it paid the ransom and decrypted its files.

Plus, as South Staffordshire Water further investigates the breach, it might find that the damage isn’t as extensive as it first appears. Ransomware groups often exaggerate their claims to instil fear and to encourage the victim to pay up.

An initial probe suggests that this might have been the case here. A government spokesperson said: “We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC are liaising closely with the company.

“Following extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured there are no impacts to the continued safe supply of drinking water, and the company is taking all necessary steps to investigate this incident.”

Education is the key to ransomware prevention

The more your organisation talks about ransomware, the better prepared you will be to detect and prevent incidents. This is particularly true given that the majority of attacks begin with phishing emails. Cyber criminals hide the malware in an attachment that poses as a benign file, like an invoice or a report.

As such, employees are often the last line of defence, which is why we recommend enrolling them on regular staff awareness training courses. Training will help them understand what ransomware is, how it works and their role in protecting the organisation.

With IT Governance’s Ransomware Staff Awareness E-learning Course, you’ll receive all of this information and more.

We provide examples of ransomware attacks and the effects they have on business, as well as information on the main forms of ransomware and how they can be identified.

We also explain anti-malware software, demonstrating how it fits within your organisation’s policies and procedures, and offer tips on how to respond if you fall victim.