A ransomware group, known for extorting over $100 million in bitcoin ransoms since 2022, has claimed to have hacked a major UK water firm and is holding it for ransom. Black Basta recently announced via its Tor site that it had obtained 750 gigabytes of sensitive data, including passports, driving licenses, employee information, and corporate documents from Southern Water.
Reported by Computing, Black Basta has given Southern Water a deadline of six days to pay a ransom, threatening to publish the stolen data on February 29 if their demands are not met. Southern Water has acknowledged the leak and stated that they had previously detected suspicious activity, launching an investigation conducted by independent cyber security specialists.
In a tweet, Southern Water addressed the claim by cyber criminals, affirming that they have no evidence of customer relationships or financial systems being affected and that their services are operating normally. They have also notified regulators and the UK government about the situation.
The firm also stated that they’ve confirmed a sample of stolen data had been published, but there is no evidence of customer relationships or financial systems being affected. It is important to note that Southern Water has an annual turnover of £1 billion, supplies water to 2.5 million customers, employs 6,000 people, and was fined £90 million in 2020 for unauthorized dumping of sewage into the sea.
While the ransom amount is currently undisclosed, it is expected to be a substantial sum of bitcoin, given Black Basta’s track record of obtaining large bitcoin ransom payments. The group is reported to have relied on the Garantex crypto exchange to move its laundered funds.
The UK’s National Cyber Security Centre has warned that the advancement of artificial intelligence (AI) technology will only lead to an increase in ransomware attacks. Notably, ransomware groups have recently targeted institutions like the British Library and even the Royal Family in the UK. This serves as a grave reminder of the growing threat posed by cyber attacks in the crypto and NFT industry.