UK Cybercrime Journal: Inside the Cl0p attack on South Staffs Water (opens in new tab)

What Happened:On 11 May 2026, the UK Information Commissioner’s Office (ICO) fined South Staffordshire Water £963,900 after the Cl0p ransomware group lurked completely undetected in its network for nearly two years. Initial access reportedly occurred via a malicious phishing email in September 2020, which downloaded Cl0p’s Get2Loader malware and their SDBBOT backdoor to establish persistence. The breach itself, however, was only discovered two years later in July 2022 when staff began investi...