Original Article Text


Southern Water says Black Basta ransomware attack cost £4.5M in expenses.

United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024.

Southern Water is a private utility company in southern England, providing water services to 2.7 million customers and wastewater services to over 4.7 million customers across Kent, Sussex, Hampshire, and the Isle of Wight. The company supplies 570 million liters of water through a 13,973 km network daily and manages 1,522 million liters of wastewater via a 40,058 km sewer system.

Roughly a year back, Southern Water announced that it suffered a security breach, which didn't impact its operations, financial systems, or customer-facing systems. The attack was claimed by the Black Basta ransomware gang, a notorious threat actor known for not hesitating to attack critical infrastructure.

The company's financial report, first seen by DataBreaches.net, determines the cost of the Black Basta attack to be around £4,500,000 (page 98).

"In February 2024 we announced that data from a limited part of our server estate had been stolen through an illegal intrusion into our IT systems," reads the report.

"We engaged external cyber security experts and legal advisers in response, as well as contacting anyone whose personal data may have been at risk."

"We have incurred £4.5 million in responding to this exceptional incident during the year."

For perspective, the amount is the same as Southern Water paid for pollution management operations last year, not accounting for the reputational damage, legal fees, and potential regulatory scrutiny that may accompany cybersecurity incidents.

Southern Water claims that it has contracted cybersecurity experts to continually monitor the dark web for data leaks impacting them or their clients, which has not occurred yet.

Meanwhile, analysis of the leaked internal chat logs from the Black Basta ransomware gang revealed that the water treatment company allegedly proposed to pay the ransomware actors £750,000 ($950k) on February 12, 2024.

Although the attackers initially demanded a payment of $3,500,000, by the end of February 2024, the company's entry was removed from Black Basta's extortion site, indicating that the two might have reached some agreement.

When asked by The Register if the company paid the ransomware gang, a spokesperson repeated past statements that did not clarify anything.

Daily Brief Summary

CYBERCRIME // Southern Water Reports $5.7M Loss from Ransomware Attack

Southern Water, a UK water utility company, incurred costs of £4.5 million due to a ransomware attack in February 2024.

The attack was executed by the Black Basta ransomware gang, which compromised part of the company's server estate and extracted data.

Despite the cyberattack, there was no reported impact on Southern Water's operations, financial systems, or customer-facing services.

The financial loss is equivalent to the company's annual expenditure on pollution management; however, it does not account for potential reputational damage or legal and regulatory costs.

Southern Water has engaged cyber security experts for ongoing monitoring of data leaks on the dark web; no leaks have been reported as yet.

Internal chat logs from Black Basta suggest that Southern Water may have negotiated down a ransom payment from an initial demand of $3.5 million to around $950,000.

The company has made no clear statement regarding whether the ransom was paid, despite the apparent conclusion of negotiations evidenced by their removal from Black Basta's extortion site.