Saturday, August 20, 2022

Ransomware Attack on UK Water Company by Cl0p

Another ransomware attack, another critical infrastructure target. The victim is in the UK this time, but that doesn't mean the next victim won't be in the country you live in.

A water company in the UK was compromised by a ransomware gang.


It seems that ransomware attacks on critical infrastructure will keep increasing until it is understood that critical infrastructure is really CRITICAL.


https://www.theregister.com/2022/08/18/clop_ransomware_uk_water/


https://www.thameswater.co.uk/network-latest/cyber-hoax

https://www.south-staffs-water.co.uk/news/important-statement

https://threatpost.com/water-supplier-hit-clop-ransomware/180422/


"A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.


Clop, a prolific Russian-speaking gang known for extorting industrial organizations, claimed on its website that it had broken into and stolen data from Thames Water – which supplies water to about 15 million people, including those in the capital, London.


The cybercriminals said that after negotiations with the water company broke down, they published a raft of stolen documents, from passport scans and driver's licenses to screenshots of software user interfaces. They claimed to have more than 5TB of data taken from the victim organization, as well as access to some SCADA systems.


They also taunted Thames Water, writing they had spent months inside the company's network and that it had 'very bad holes in their systems.'"


"The company admitted that its corporate IT network was disrupted and that it is working with government and regulatory agencies to investigate the intrusion.


Within a couple of days, Clop updated its website, saying it was South Staffordshire that it attacked, and not Thames."


"Chris Vaughan, area vice president of technical account management for EMEA for Tanium, noted the increasing attacks on utilities and other critical infrastructure.


"'This is a trend which, unfortunately, I expect to continue,' Vaughan told The Register in an email. 'It's also a worrying reflection of the rapidly growing ransomware market, with major incidents being reported regularly. These attacks are growing in sophistication, and criminal gangs are becoming more targeted in their approach and increasing the huge sums of money that they are demanding.'


Clop has been an active ransomware group over the past several years. According to a report earlier this year by Trend Micro, the malware evolved from a variant of the CryptoMix ransomware family and was first tagged with the Cl0p name in 2019..."


"A year ago, six suspected members of the gang were arrested in Ukraine. Trend Micro noted reports that only parts of the ransomware group's operations were disrupted, including the server infrastructure used by affiliates and channels needed for laundering cryptocurrency-based ransom payments.


The cybersecurity firm estimated that through November 2021, the Clop group had pulled in $500 million."
