Major UK Water Provider Targeted By Bitcoin Ransomware Gang In Cyberattack


Black Basta, an infamous ransomware group that has allegedly collected over $100 million in Bitcoin ransoms since 2022, has announced that it has successfully hacked a major British water company and is now holding it for ransom.

The cybercriminals released a snippet of the stolen data, which includes sensitive information such as passports, driver’s licenses, employee details, and corporate documents. The targeted company, Southern Water, confirmed the breach and said that a limited amount of data had been compromised.

Stealing 750GB Of Sensitive Data

According to recent reports, the Bitcoin ransomware gang announced the breach on its Tor site, claiming to have gained unauthorized access to Southern Water’s IT systems and stolen 750 gigabytes of sensitive data. 

The stolen information includes scans of identity documents like passports and driving licenses, human resources-related documents containing personal data of potential customers, such as addresses, dates of birth, nationalities, and email addresses, and corporate car-leasing documents exposing personal information.

Southern Water, which provides water services to 2.5 million customers and wastewater services to 4.7 million customers in southern England, is investigating the breach. 

While the company confirmed the theft of a limited amount of data, it found no evidence of customer relationships or financial systems being compromised. However, the leaked details suggest that Southern Water employees and customers may have been affected. 

The company has pledged to notify any individuals whose data may have been stolen and has informed the UK government, regulators, and the Information Commissioner’s Office (ICO) about the incident.

Over $100 Million In Bitcoin Ransoms

Black Basta is a Russian ransomware gang that has been active since April 2022 and has gained notoriety for accumulating at least $107 million in Bitcoin ransom payments. 

The Bitcoin ransomware gang has reportedly targeted over 329 victims, including notable companies like ABB, Capita, Dish Network, and the M&S pension scheme. 

In April 2023, a vulnerability was discovered in the group's encryption algorithm, which is based on a ChaCha keystream, allowing some files to be recovered depending on their size. However, recent reports indicate that the ransomware developers have patched this weakness, rendering the decryptor ineffective for newer attacks.

The breach of Southern Water’s data highlights the persistent challenges of ransomware attacks and the urgent need for robust cybersecurity measures. While security researchers may occasionally find vulnerabilities in ransomware algorithms, cybercriminals quickly adapt and fix these weaknesses. 

As the investigation unfolds, affected parties must take necessary steps to protect their data and strengthen their defenses against future attacks.
