Ransomware group Black Basta claims to have breached British water company Southern Water and is currently holding it to ransom.
The group first posted this on its Tor leak site on 22 January 2024.
The group, active since April 2022, alleges it has collected over $100 million in Bitcoin ransoms.
The cybercriminals have released a snippet of the stolen data, consisting of sensitive information such as passports, driver's licenses, employee details, and corporate documents.
Southern Water has confirmed the breach, acknowledging the compromise of a limited amount of data.
Stolen Data
Reports reveal that Black Basta gained unauthorised access to Southern Water's IT systems, making off with 750 gigabytes of sensitive data.
The stolen information encompasses identity documents, human resources-related documents with personal details of potential customers, and corporate car-leasing documents exposing personal information.
Southern Water, which provides water and wastewater services to millions in southern England, says it is actively investigating the breach.
While the company has confirmed the theft of a limited amount of data, it says it has no evidence of compromise to customer relationships or financial systems.
However, leaked details suggest potential impacts on Southern Water employees and customers.
Having confirmed the breach, the company says it is committed to notifying individuals whose data may have been compromised.
Southern Water has also informed relevant authorities, including the UK government, regulators, and the Information Commissioner's Office (ICO).
Black Basta
Black Basta, the Russian ransomware gang behind the attack, has gained notoriety for accumulating over $107 million in Bitcoin ransom payments.
Since its inception, the group has targeted 329 victims, including well-known companies like ABB, Capita, Dish Network, and the M&S pension scheme.
The ransomware group's encryption algorithm, which is based on a ChaCha keystream, reportedly had a vulnerability in April 2023 that allowed some files to be recovered, depending on their size.
However, recent reports indicate that the developers have patched this weakness, rendering the decryptor ineffective for newer attacks.