Southern Water, a major UK utility serving customers in the southern region of England, is currently investigating a significant cyber incident after the Black Basta ransomware syndicate claimed to have gained access to its systems. The Black Basta crew revealed limited details of the supposed intrusion on its Tor leak site on 22 January and has given Southern Water until 29 January to respond.

In response to this claim, a Southern Water spokesperson stated, “We are aware of a claim by cyber criminals that data has been stolen from some of our IT systems. We had previously detected suspicious activity and had launched an investigation, led by independent cyber security specialists. Since then, a limited amount of data has been published. However, at this point, there is no evidence that our customer relationships or financial systems have been affected. Our services are not impacted and are operating normally.”

The spokesperson further added, “We have informed the government, our regulators and the Information Commissioner’s Office; and we are closely following the advice of the National Cyber Security Centre (NCSC) as our investigation continues. If, through the investigation, we establish that customers’ or employees’ data has been stolen, we will ensure they are notified, in accordance with our obligations.”

Despite the attack, Southern Water’s IT systems have not suffered such disruption that its service provision has been affected. This comes as a small relief as the company is currently dealing with the aftermath of two recent winter storms in southern England.

Security experts have been quick to note that, although the attack is certainly concerning for customers, the outcome could have been much worse. For example, Trevor Dearing, Illumio director of critical infrastructure, highlighted that the gang’s goal appears to be data exfiltration rather than causing maximum disruption. He also emphasized the importance of implementing security strategies such as zero-trust to reduce the risk and impact of such attacks.

Tim West, head of Secure cyber threat intelligence, also stressed the need for water companies to prioritize applying security best practices to protect their services and customers.

Black Basta, the group behind the ransomware attack, has been a prominent player in the cybercrime world, with previous attacks on various organizations resulting in significant financial gains. Their typical modus operandi involves stealing sensitive information from a network, encrypting files, and demanding a ransom in exchange for the decryption keys. It has been reported that Black Basta has netted over $100 million in ransoms during its lifetime, with an average pay-off of $1.2 million.

Experts have warned that such ransomware groups often seek to gain financial leverage through the theft of sensitive data, which can be used as leverage when demanding ransom payments.

Despite the severity of the situation, Southern Water has assured its customers that its services are not impacted, and it is continuing to work closely with authorities and regulators to address the cyber incident.

As the investigation continues, Southern Water remains focused on protecting the data and personal information of its customers and employees, with the promise to notify them in accordance with its obligations if data theft is confirmed. The utility company is also taking guidance from the National Cyber Security Centre and other relevant agencies to mitigate potential risks and ensure the integrity of its IT systems.

Извор линк