August 17, 2022

Despite claims that 5T of data was breached and stolen from Thames Water, the UK’s largest water supplier, published data showed that the Clop ransomware had data from another water supplier.

The decision of the hackers to publish the data follows failed negotiations between the two parties involved. After Clop had revealed the stolen credentials, Thames Water interfered with the claims and noted that reports of Clop Ransomware, which violated its network, are nothing more than “cyber hoax” and that its operations are at full capacity.

A careful examination of the leaked showed spreadsheet and usernames and passwords that features South Staffordshire Water and South Staffordshire email addresses. Experts also revealed that one of the leaked documents sent to the attacked company was explicitly addressed to South Staffordshire PLC.

Therefore, it is very likely that Clop has misidentified their victim or that they are trying to extort a much larger company with false documents.

The ransomware gang, who realized their mistake, are now listing South Staffordshire Water as a victim on the extortion site.

South Staffordshire Water, which supplies 1.6 million consumers with 330 million litres of drinking water, has already confirmed a cyberattack that caused IT disruption.

The sources for this piece include an article in BleepingComputer.