Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Ransomware Attack Hits Southern Water

January 23, 2024
Reading Time: 3 mins read
in Incidents

The Black Basta ransomware group has targeted Southern Water, a major UK water utility, claiming to have hacked the company and stolen sensitive data. Southern Water, responsible for wastewater management and public water supply in several regions, including Hampshire and Kent, is a significant player in the UK water industry with over 6,000 employees and an annual turnover exceeding £1 billion. The ransomware group, known for its double-extortion tactics, added Southern Water to its list of victims on its Tor data leak site, threatening to leak 750 gigabytes of stolen data, including personal and corporate documents, on February 29, 2024. The attackers published screenshots as proof, displaying passports, ID cards, and personal information of some employees.

The Black Basta ransomware gang has been active since April 2022, employing a double-extortion attack model to extract ransom payments. In early January, security researchers discovered a vulnerability in the ransomware’s encryption algorithm, leading to the creation of a free decryptor. A joint research effort by Elliptic and Corvus Insurance revealed that Black Basta accumulated at least $107 million in Bitcoin ransom payments since early 2022. The group has infected over 329 victims, including well-known entities such as ABB, Capita, Dish Network, and Rheinmetall. The researchers found a clear link between Black Basta and the Conti Group, and the ransomware gang laundered funds through the Russian crypto exchange Garantex.

SRLabs, a security research and consulting team, analyzed the encryption algorithm used by Black Basta and identified a weakness in its variant around April 2023. The ransomware uses encryption based on a ChaCha keystream, and the recovery of files depends on knowing the plaintext of 64 encrypted bytes in the right position. Files below 5,000 bytes cannot be recovered, while full recovery is possible for files between 5,000 bytes and 1GB in size. For larger files, the first 5,000 bytes may be lost, but the rest can be recovered with the right knowledge of plaintext. The group’s operations and financial transactions were scrutinized, revealing connections between Black Basta and the Conti gang and shedding light on their illicit activities.

Reference:
  • Black Basta posts UK water utility Southern Water
Tags: Black Basta ransomwareCyber Incidents 2024cyber-incidentCyberattacksJanuary 2024Southern WaterUnited Kingdom
ADVERTISEMENT

Related Posts

Infostealer Hidden in Steam Game

Hackers Target Amazon’s AI Code Bot

July 25, 2025
Infostealer Hidden in Steam Game

APTs Use Fake Dalai Lama Apps to Spy

July 25, 2025
Infostealer Hidden in Steam Game

Infostealer Hidden in Steam Game

July 25, 2025
Interlock Ransomware Threat Alert

Hackers Use Ransomware on SharePoint Servers

July 24, 2025
Interlock Ransomware Threat Alert

Data Breach Affects 340K Jobseekers

July 24, 2025
Interlock Ransomware Threat Alert

Beluga Vodka Ransomware Attack Reported

July 24, 2025

Latest Alerts

CastleLoader Uses Clickfix on Windows

Sophos, SonicWall Patch Critical RCE Bugs

Koske Malware Hides in Panda Images

Interlock Ransomware Threat Alert

GitLab Patches Key Vulnerabilities

Backdoor Found in WP Plugins

Subscribe to our newsletter

    Latest Incidents

    Hackers Target Amazon’s AI Code Bot

    APTs Use Fake Dalai Lama Apps to Spy

    Infostealer Hidden in Steam Game

    Data Breach Affects 340K Jobseekers

    Hackers Use Ransomware on SharePoint Servers

    Beluga Vodka Ransomware Attack Reported

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial