Ransomware attack on Southern Water cost £45 million

A Russia-linked ransomware group has so far cost Southern Water £45 million, in addition to compromising the data of approximately 10% of customers.

The ransomware attack on Southern Water approximately one year ago by the Russia-linked Black Basta group has cost the utility provider more than £45 million to date, according to the utility company's annual report.

An extract from the publicly available Southern Water annual report says:

"in February 2024 we announced that data from a limited part of our server estate had been stolen through an illegal intrusion into our IT systems. We engaged external cyber security experts and legal advisers in response, as well as contacting anyone whose personal data may have been at risk. We have incurred £45 million in responding to this exceptional incident during the year."

Southern Water provides water to more than 25 million customers across Kent, Sussex, Hampshire and the Isle of Wight, approximately 10% of which had data compromised by the attack.

The Register spotted a reference to a 750,000 payment in the thousands of internal messages from the Black Basta gang which were leaked two weeks ago. When asked by The Register to confirm whether this ransom had been paid, Southern Water said the following:

"As soon as we became aware, over a year ago, of an illegal intrusion affecting our IT systems, not affecting our operations or services to customers, we informed all relevant bodies, including NCSC and Defra. We and our advisers worked closely with NCSC throughout the incident."

Guidance from the NCSC for companies considering payments to ransomware attackers can be found here.

The leaked Black Basta logs indicate that the ransomware group first tried to extort 35 million from Southern Water following the attack last year. After making it clear that this demand would not be met, and explaining that the utility is privately owned and is not the largest in the UK (that accolade belongs to the beleaguered Thames Water), a negotiator appears to offer 750,000 to the group:

"the Board is ready to increase our numbers to show you that we're taking this negotiation seriously and hope to reach an agreement with you sooner rather than later. We're now offering to pay you 750,000 in exchange for a speedy resolution of this incident. If this works for you, we'll be happy to proceed further with next steps. So please let me know."

Subsequent chat logs suggest that the company paid, although The Register does point out that the BlackBastaGPT tool created to analyse the logs is prone to hallucinations.

The government is presently consulting on whether to ban the public sector and private companies classified as critical national infrastructure (CNI) from paying out to ransomware operators. The consultation closes in April.