Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Ransomware Attack Hits Southern Water

January 23, 2024
Reading Time: 3 mins read
in Incidents

The Black Basta ransomware group has targeted Southern Water, a major UK water utility, claiming to have hacked the company and stolen sensitive data. Southern Water, responsible for wastewater management and public water supply in several regions, including Hampshire and Kent, is a significant player in the UK water industry with over 6,000 employees and an annual turnover exceeding £1 billion. The ransomware group, known for its double-extortion tactics, added Southern Water to its list of victims on its Tor data leak site, threatening to leak 750 gigabytes of stolen data, including personal and corporate documents, on February 29, 2024. The attackers published screenshots as proof, displaying passports, ID cards, and personal information of some employees.

The Black Basta ransomware gang has been active since April 2022, employing a double-extortion attack model to extract ransom payments. In early January, security researchers discovered a vulnerability in the ransomware’s encryption algorithm, leading to the creation of a free decryptor. A joint research effort by Elliptic and Corvus Insurance revealed that Black Basta accumulated at least $107 million in Bitcoin ransom payments since early 2022. The group has infected over 329 victims, including well-known entities such as ABB, Capita, Dish Network, and Rheinmetall. The researchers found a clear link between Black Basta and the Conti Group, and the ransomware gang laundered funds through the Russian crypto exchange Garantex.

SRLabs, a security research and consulting team, analyzed the encryption algorithm used by Black Basta and identified a weakness in its variant around April 2023. The ransomware uses encryption based on a ChaCha keystream, and the recovery of files depends on knowing the plaintext of 64 encrypted bytes in the right position. Files below 5,000 bytes cannot be recovered, while full recovery is possible for files between 5,000 bytes and 1GB in size. For larger files, the first 5,000 bytes may be lost, but the rest can be recovered with the right knowledge of plaintext. The group’s operations and financial transactions were scrutinized, revealing connections between Black Basta and the Conti gang and shedding light on their illicit activities.

Reference:
  • Black Basta posts UK water utility Southern Water
Tags: Black Basta ransomwareCyber Incidents 2024cyber-incidentCyberattacksJanuary 2024Southern WaterUnited Kingdom
ADVERTISEMENT

Related Posts

Ransomware Attack Causes Outage at Ingram

Ransomware Attack Causes Outage at Ingram

July 7, 2025
Ransomware Attack Causes Outage at Ingram

Call of Duty Players Hacked on Game Pass

July 7, 2025
Ransomware Attack Causes Outage at Ingram

RansomHub Claims Theft of Coppell City Data

July 7, 2025
Tech Incubator IdeaLab Discloses Data Breach

Tech Incubator IdeaLab Discloses Data Breach

July 4, 2025
Brazil’s CIEE One Exposes 248,000 Records

Brazil’s CIEE One Exposes 248,000 Records

July 4, 2025
McLaughlin & Stern Discloses Data Breach

McLaughlin & Stern Discloses Data Breach

July 4, 2025

Latest Alerts

APT36 Targets Indian Defense Linux Systems

hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

Subscribe to our newsletter

    Latest Incidents

    Ransomware Attack Causes Outage at Ingram

    Call of Duty Players Hacked on Game Pass

    RansomHub Claims Theft of Coppell City Data

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial