
Threat Intelligence on Recent Cyberattack by CL0P Ransomware Group   

24 August 2022

South Staffordshire Water   

The CL0P ransomware group claimed responsibility for the attack on UK-based utility provider South Staffordshire Water. However, they have said there is no impact on the water supply or drinking water safety.   

On its extortion website, CL0P uploaded a vast collection of stolen documents, including passport scans, spreadsheets containing administrator passwords, driving licences and, concerningly, screenshots of the administration interfaces of wastewater treatment systems.

Possible IOCs

While CL0P uses broad malicious email campaigns to identify potential victims, recent evidence suggests that vulnerabilities in public-facing infrastructure are also exploited to gain a foothold within a victim’s network.

Malicious Spam Campaigns   

CL0P malicious spam campaigns use information from previous victims, most likely to “cascade” their ransomware threat and attack other organisations and supply chains. Clients, associates, or suppliers of any victim organisation may be the subject of these malicious emails. 

Exposing Victims 

Thought to be a Russian-language cybercriminal group, CL0P is responsible for several infamous “big game hunter” ransomware attacks. Other cybercriminal groups have been reported as being associated with CL0P or adopting its malware.

Like most well-organised and coordinated ransomware groups, CL0P utilises common ‘steal, encrypt and leak’ tactics: victims who fail to meet ransom demands are promptly named and shamed on ‘CL0P^_- LEAKS’, the group’s Tor-hosted leak site. This is problematic because victims are often further targeted by other threat actors over long periods.

Sapphire Security Operations Centre (SOC)   

The Sapphire Team will continue to monitor and collect intelligence about this incident and other activities that we believe can be of use to improve customer security, using our threat intelligence, threat hunting and investigation capabilities. 
