Black Basta claims hack on Southern Water

Leaked data includes passports, ID cards and personal information

The Black Basta ransomware gang has claimed responsibility for hacking major water utility Southern Water.

The ransomware group, known for its double-extortion attack model, announced the breach on its Tor data leak site and has threatened to release 750 gigabytes of sensitive data, including personal and corporate documents, on 29th February 2024.

According to Security Affairs, the leaked data includes scans of Southern Water employees' passports, ID cards and personal information.

The ransom amount demanded by the Black Basta group remains unknown.

In a statement, Southern Water said it was aware of the claim and that a limited amount of data had been published.

About Black Basta

The Russian gang has been active since April 2022, and is notorious for its ransomware operations.

Earlier this month, security researchers discovered a vulnerability in Black Basta's encryption algorithm, leading to the creation of a free decryptor. However, recent reports suggest that the ransomware developers have fixed this issue, limiting the effectiveness of the decryptor to files encrypted before December 2023.

Black Basta has gained notoriety for accumulating at least $107 million in Bitcoin ransom payments since early 2022.

A joint research effort by Elliptic and Corvus Insurance revealed that the group has infected over 329 victims, including notable companies like ABB, Capita, Dish Network, and the M&S pension scheme. The researchers also uncovered a connection between Black Basta and the Conti group, with funds being laundered through the Russian crypto exchange Garantex.

Black Basta's ransomware employs a ChaCha keystream-based encryption algorithm, and a weakness was discovered in its variant around April 2023. This weakness allows the recovery of files depending on their size, with files below 5,000 bytes being irrecoverable, files between 5,000 bytes and 1GB fully recoverable, and files larger than 1GB having the first 5,000 bytes lost but the remainder recoverable if the plaintext of 64 encrypted bytes is known.
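The recovery described above is the classic consequence of reusing a stream-cipher keystream: once 64 bytes of plaintext are known at a position that was XORed with a reused keystream block, that block falls out and can be replayed over every other chunk. The following is an added, deliberately simplified model written for this article to show the principle; it is not Black Basta's encryption routine, not the researchers' decryptor, and it uses a keyed BLAKE2b hash as a stand-in block function rather than ChaCha. The sample file, header and key are constructed here. The "fixed" variant advances a per-chunk counter, which is why the same known-plaintext step recovers only the first chunk there.

```python
import hashlib

BLOCK = 64  # one keystream block; the article says 64 known plaintext bytes suffice


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one (handles a short final chunk)."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_block(key: bytes, counter: int) -> bytes:
    """Stand-in block function (keyed BLAKE2b, assumption: stands in for ChaCha)."""
    return hashlib.blake2b(counter.to_bytes(8, "little"), key=key, digest_size=BLOCK).digest()


def encrypt_weak(plaintext: bytes, key: bytes) -> bytes:
    """Flawed scheme: one keystream block is reused for every chunk (counter never advances)."""
    ks = keystream_block(key, 0)
    return b"".join(xor_bytes(plaintext[i:i + BLOCK], ks)
                    for i in range(0, len(plaintext), BLOCK))


def encrypt_fixed(plaintext: bytes, key: bytes) -> bytes:
    """Corrected scheme: each chunk gets a fresh keystream block from an advancing counter."""
    return b"".join(xor_bytes(plaintext[i:i + BLOCK], keystream_block(key, i // BLOCK))
                    for i in range(0, len(plaintext), BLOCK))


def recover_keystream_block(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Known plaintext XOR ciphertext at the same offset yields the keystream block used there."""
    if offset % BLOCK:
        raise ValueError("known plaintext must start on a block boundary")
    if len(known_plaintext) < BLOCK:
        raise ValueError("need a full 64-byte block of known plaintext")
    return xor_bytes(ciphertext[offset:offset + BLOCK], known_plaintext[:BLOCK])


def decrypt_with_reused_block(ciphertext: bytes, ks: bytes) -> bytes:
    """Replay one recovered block over every chunk; XOR is self-inverse, so this undoes encrypt_weak."""
    return b"".join(xor_bytes(ciphertext[i:i + BLOCK], ks)
                    for i in range(0, len(ciphertext), BLOCK))


def matching_prefix(a: bytes, b: bytes) -> int:
    """Number of leading bytes on which two byte strings agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


# Constructed sample "document": its 64-byte header is assumed known, as real file formats
# have fixed magic bytes and headers. Key is constructed for the demo.
KNOWN_HEADER = b"CONSTRUCTED-SAMPLE-HEADER/v1".ljust(BLOCK, b"\x00")
SAMPLE_FILE = KNOWN_HEADER + b"Employee record: example contents, repeated " * 40
KEY = hashlib.sha256(b"constructed-demo-key").digest()


def demo() -> tuple:
    """Return (weak scheme fully recovered?, fixed scheme fully recovered?, bytes recovered under fix)."""
    weak_ct = encrypt_weak(SAMPLE_FILE, KEY)
    ks = recover_keystream_block(weak_ct, KNOWN_HEADER, 0)
    weak_recovered = decrypt_with_reused_block(weak_ct, ks)

    fixed_ct = encrypt_fixed(SAMPLE_FILE, KEY)
    ks_first = recover_keystream_block(fixed_ct, KNOWN_HEADER, 0)
    fixed_recovered = decrypt_with_reused_block(fixed_ct, ks_first)

    return (weak_recovered == SAMPLE_FILE,
            fixed_recovered == SAMPLE_FILE,
            matching_prefix(fixed_recovered, SAMPLE_FILE))


if __name__ == "__main__":
    weak_ok, fixed_ok, fixed_prefix = demo()
    print(f"reused keystream: full file recovered = {weak_ok}")
    print(f"advancing counter: full file recovered = {fixed_ok}, only first {fixed_prefix} bytes match")
```

Running the block shows the reused-keystream file fully recovered from a single known header, while the counter-advancing variant gives back only the 64 header bytes. That asymmetry is the whole story behind the article's "decryptor no longer works on newer samples": once the keystream is no longer reused, a known plaintext block tells you nothing about the rest of the file.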

Despite the recent decryption breakthrough, Black Basta has reportedly patched the encryption routine bug, rendering the decryptor ineffective for newer attacks.

The group's threat to leak Southern Water's data underscores the ongoing challenges posed by ransomware attacks and the need for robust cybersecurity measures.