Skip to content

Clop ransomware gang asks the wrong company for ransom

  • by
  • 2 min read

The Clop Ransomware gang claimed that they’ve hacked Thames Water in an announcement on their onion site on August 16, alleging that they’ve accessed SCADA systems that can be used to disrupt water supplies to around 15 million customers. 

The attackers also claimed to have informed Thames Water of the security vulnerabilities and acted responsibly by not encrypting their data as Clop isn’t politically motivated and doesn’t attack critical infrastructure or health organisations. The hackers only extracted around 5TB of data from the breached systems. 

Thames Water has disputed these claims in a statement saying that Clop’s claims are “cyber-hoax” and their systems are uncompromised and running at full capacity. 

After ransom negotiations broke down, the hackers published the first sample of stolen data, including passports, driver’s licenses, screenshots from the water treatment SCADA systems and more. One spreadsheet in this trove of released data contains usernames and passwords featuring South Staff Water and South Staffordshire email addresses.

What seems to have happened here is that Clop accidentally ended up hacking South Staffordshire Water, which issued a statement confirming IT disruption from a cyber attack but tried to extort Thames Water instead. This is further confirmed by BleepingComputerwhich reports that one of the leaked documents sent to Thames Water is explicitly addressed to South Staffordshire PLC instead. 

The attacks come during an ongoing water crisis in the country, with eight areas already issuing water ration policies and imposing hosepipe bans. Hitting water suppliers during such times would, of course, put significant pressure on the hacked supplier to pay the ransom.

For that to happen, though, Clop now needs to redirect its ransom demands to the actual victim. However. any hopes of receiving a ransom might be lost on Clop now, considering South Staffordshire PLC already has a head start on fixing its systems and the publicity this hack has gathered.

In the News: Android 13 rolls out for Pixel devices

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>