The target company, Southern Water, confirmed the breach and reported that a limited amount of data had been compromised.

Black Basta, an infamous ransomware group that has reportedly collected over $100 million in Bitcoin ransom payments since 2022, has announced that it has successfully hacked a major British water company and is now holding it for ransom.

The cybercriminals published a snippet of the stolen data, which includes sensitive information such as passports, driver’s licenses, employee details and corporate documents.

How Ransomware Works

“In essence, ransomware is a financial transaction,” the UK National Cyber Security Centre (NCSC) points out. The malware infects a computer, encrypts it and hijacks the data, then demands a payment, usually in cryptocurrency, in exchange for letting the victims recover it.

These types of vulnerabilities are currently “rare” in enterprise environments, according to the NCSC. “Most enterprise ransomware incidents we see today use more traditional network intrusion methods, with the attacker spending days (if not weeks) inside the network, before finally deploying the ransomware right where they believe it will have the greatest impact.”

As soon as the victims realize they have been hacked, what they want is to “recover their data and ensure that their business can operate again.” However, the NCSC warns that “the real problem is that ransomware is often just a visible symptom of a more serious network intrusion that may have persisted for days, and possibly longer.”

Stolen 750 GB of Confidential Data

According to recent reports, the Bitcoin ransomware gang announced the breach on its Tor site, claiming to have gained unauthorized access to Southern Water’s IT systems and stolen 750 gigabytes of sensitive data.

The stolen information includes scans of identity documents such as passports and driving licenses, human resources-related documents containing personal data of potential clients such as addresses, dates of birth, nationalities and email addresses, and corporate car leasing documents that expose personal information.

Southern Water, which provides water services to 2.5 million customers and wastewater services to 4.7 million customers in the south of England, is investigating the breach. While the company confirmed the theft of a limited amount of data, it found no evidence that customer relationships or financial systems were compromised.

However, leaked details suggest Southern Water employees and customers may have been affected. The company has committed to notifying anyone whose data may have been stolen and has informed the UK government, regulators and the Information Commissioner’s Office (ICO) about the incident.

Over $100 Million in Bitcoin Ransoms

Black Basta is a Russian ransomware gang that has been active since April 2022 and has gained notoriety for racking up at least $107 million in Bitcoin ransom payments. The Bitcoin ransomware gang has reportedly targeted more than 329 victims, including prominent companies such as ABB, Capita, Dish Network and M&S pension scheme.

In April 2023, a vulnerability was discovered in the group’s encryption algorithm, which is based on a ChaCha keystream, allowing some recovery of files depending on their size. However, recent reports indicate that the ransomware developers have fixed this weakness, rendering the decryptor ineffective for more recent attacks.

The Southern Water data breach highlights the persistent challenges of ransomware attacks and the urgent need for robust cybersecurity measures. While security researchers may occasionally find vulnerabilities in ransomware algorithms, cybercriminals are quick to adapt and fix these weaknesses.

As the investigation continues, affected parties should take necessary steps to protect their data and strengthen their defenses against future attacks.

By Audy Castaneda

