Bitcoin ransomware gang claims to have hacked major UK water provider
A ransomware group that has reportedly extorted more than $100 million in bitcoin ransoms since 2022 claims that it has hacked a large UK water firm and is holding it to ransom.
Black Basta announced via its Tor site this week that it had stolen 750 gigabytes of sensitive data from Southern Water, including passports, driving licenses, employee information, and corporate documents.
As reported by Computing, Black Basta has given Southern Water six days to pay a ransom or it will publish the stolen data on February 29.
The firm says it’s aware of the leak and notes that it “previously detected suspicious activity, and had launched an investigation, led by independent cyber security specialists.”
We’re aware of a claim by cyber criminals that data has been stolen from some of our IT systems. We currently have no evidence customer relationships or financial systems have been affected. Our services are operating normally and we’ve notified regulators https://t.co/jdRVbq4Iup
— Southern Water (@SouthernWater) January 23, 2024
It also confirmed that a sample of stolen data had been published, but added that “there is no evidence that our customer relationships or financial systems have been affected.” It has since flagged the issue to the UK government and regulators.
Southern Water reportedly has an annual turnover of £1 billion, provides water to 2.5 million customers, employs 6,000 people, and was fined £90 million in 2020 for dumping sewage into the sea.
While the ransom is currently undisclosed, it’s likely to be a large sum of bitcoin given that Black Basta is reported to have made $107 million in previous bitcoin ransom payments. The group also reportedly relied on the Garantex crypto exchange to move its laundered funds.
According to the UK’s National Cyber Security Centre, the development of artificial intelligence (AI) technologies will only increase the volume of ransomware attacks taking place. Indeed, the UK’s British Library and Royal Family have been threatened by ransomware groups in the past few months alone.