
Threat Intelligence on Recent Cyberattack by CL0P Ransomware Group   

24 August 2022

South Staffordshire Water   

The CL0P ransomware group claimed responsibility for the attack on UK-based utility provider South Staffordshire Water. However, they have said there is no impact on the water supply or drinking water safety.   

On its extortion website, CL0P uploaded a vast collection of stolen papers. These included passport scans, spreadsheets with administrator passwords, drivers’ licences, and, concerningly, screenshots of administration interfaces of wastewater treatment systems.   

Possible IOCs

Whilst CL0P uses broad malicious email campaigns to identify potential victims, recent evidence suggests that vulnerabilities in public-facing infrastructure are also exploited to gain a foothold within a victim’s network.

Malicious Spam Campaigns   

CL0P malicious spam campaigns use information from previous victims, most likely to “cascade” their ransomware threat and attack other organisations and supply chains. Clients, associates, or suppliers of any victim organisation may be the subject of these malicious emails. 

Exposing Victims 

Thought to be a Russian-language cybercriminal group, CL0P is responsible for several infamous “big game hunter” ransomware attacks. Other cybercriminal groups have reported them as being associated with or adopting their malware.    

CL0P uses the ‘steal, encrypt and leak’ tactics common to most well-organised and coordinated ransomware groups: victims who fail to meet ransom demands are promptly named and shamed on ‘CL0P^_- LEAKS’, the group’s Tor-hosted leak site. This is problematic as victims are often further targeted by other threat actors over long periods.

Sapphire Security Operations Centre (SOC)   

The Sapphire Team will continue to monitor and collect intelligence about this incident and other activities that we believe can improve customer security, using our threat intelligence, threat hunting and investigation capabilities. 
