Gigabytes held Hostage: Black Basta Ransomware Hits England's Water Supply

Brother

Southern Water's response will show how reliable the updated encryptor is.

Southern Water, a major British utility responsible for water supply and sanitation in the south of England (Hampshire, the Isle of Wight, West and East Sussex, and parts of Kent), has been hit by a cyber attack.

On January 24, 2024, the Black Basta group published a statement on its leak site claiming to have broken into Southern Water's computer networks and stolen 750 gigabytes of confidential data. The stolen information reportedly includes personal documents of employees (passports and identity cards) as well as internal corporate information.

The attackers threatened to publish the stolen data on February 29 if the company does not pay a ransom. The ransom amount is still unknown. As evidence of the breach, the hackers published screenshots of some of the stolen files.

Black Basta specializes in extortion and blackmail. It has been active since April 2022 and attacks large companies around the world. During this time, according to experts from Elliptic and Corvus Insurance, the criminals have earned more than $107 million in bitcoin by breaching at least 329 organizations, including ABB, Capitals, Dish Network and Rheinmetall.

The group uses a double extortion model: first, it encrypts the victim's data, and then, if they refuse to pay, publishes some of the stolen information. By analyzing transactions on the Bitcoin blockchain, experts have established a close connection between Black Basta and the Conti hacker group that was disbanded in 2022. Presumably, Black Basta is just a rebranding.

The main channel Black Basta uses to launder stolen funds is the Garantex crypto exchange, through which the hackers convert bitcoin into fiat money.

In December 2023, researchers from SRLabs published a detailed analysis of the encryption scheme Black Basta uses. It was found to have a significant flaw that allows encrypted files to be recovered under certain conditions.

Depending on the file size, the malware encrypts only the first 5 thousand bytes. Smaller files cannot be restored. However, files between 5 thousand bytes and 1 GB can be completely decrypted if 64 bytes of plaintext in a specific fragment are known.

Based on this finding, special utilities were created that allow victims to recover encrypted data if the attack took place before December 2023. Unfortunately, shortly after the study was published, the group fixed the flaw in their malware.
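The post does not explain why 64 bytes of known plaintext are enough to recover a whole file. The example below (added here for illustration; it is not code from the post, from SRLabs or from the malware) shows the classic stream-cipher failure that produces exactly this kind of recovery: if the same 64-byte keystream block is XORed onto every 64-byte chunk, then any 64 consecutive bytes of known plaintext (a file header, a known field) reveal the keystream, and XORing it back decrypts the rest of the file. The cipher here is a deliberately weak toy construction with a constructed keystream and sample file; it does not model the real malware's internals, and the known-plaintext offset need not be chunk-aligned because the recovery maps each byte to its position within the 64-byte cycle.

```python
"""Toy illustration of recovering a file encrypted with a reused keystream block.

Constructed example: the 'cipher' below is intentionally broken (one 64-byte
keystream block repeated across the whole file), which is the property that
makes a 64-byte known-plaintext recovery possible. Nothing here reproduces any
real ransomware code.
"""
from __future__ import annotations

CHUNK = 64  # length of the keystream block that the toy cipher reuses


def toy_encrypt(plaintext: bytes, keystream_block: bytes) -> bytes:
    """Weak stream cipher: XOR every byte with keystream_block[i % CHUNK].

    XOR is its own inverse, so this function also decrypts.
    """
    if len(keystream_block) != CHUNK:
        raise ValueError(f"keystream block must be {CHUNK} bytes")
    out = bytearray(plaintext)
    for i in range(len(out)):
        out[i] ^= keystream_block[i % CHUNK]
    return bytes(out)


def recover_keystream(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Recover the reused keystream block from >= CHUNK bytes of known plaintext.

    offset is the position of known_plaintext inside the original file. Because
    the keystream repeats every CHUNK bytes, byte (offset + j) is covered by
    keystream index (offset + j) % CHUNK, so any run of CHUNK consecutive known
    bytes fills in every index regardless of alignment.
    """
    if len(known_plaintext) < CHUNK:
        raise ValueError(f"need at least {CHUNK} bytes of known plaintext")
    if offset < 0 or offset + len(known_plaintext) > len(ciphertext):
        raise ValueError("known plaintext does not fit inside the ciphertext")
    keystream = bytearray(CHUNK)
    seen = [False] * CHUNK
    for j, p in enumerate(known_plaintext):
        pos = offset + j
        k = ciphertext[pos] ^ p
        idx = pos % CHUNK
        if seen[idx] and keystream[idx] != k:
            # Contradiction: the keystream is not actually a repeated 64-byte block.
            raise ValueError("known plaintext is inconsistent with a reused keystream")
        keystream[idx] = k
        seen[idx] = True
    return bytes(keystream)


def recover_file(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Decrypt the whole file using only the ciphertext and a known fragment."""
    keystream = recover_keystream(ciphertext, known_plaintext, offset)
    return toy_encrypt(ciphertext, keystream)


# --- constructed sample data ---------------------------------------------------
# A fake 'file': a recognisable header followed by filler, ~6 KB in total.
SAMPLE_HEADER = b"%CONSTRUCTED-FILE-FORMAT v1.0\n" + b"author=example\n"
SAMPLE_FILE = SAMPLE_HEADER + bytes((i * 7 + 3) % 256 for i in range(6000))
# A fixed 64-byte keystream block (constructed; a real cipher would derive this).
SAMPLE_KEYSTREAM = bytes((i * 37 + 11) % 256 for i in range(CHUNK))
SAMPLE_CIPHERTEXT = toy_encrypt(SAMPLE_FILE, SAMPLE_KEYSTREAM)


def demo() -> bool:
    """Recover the sample file from a 64-byte known fragment at offset 100 (unaligned)."""
    known = SAMPLE_FILE[100:100 + CHUNK]
    return recover_file(SAMPLE_CIPHERTEXT, known, 100) == SAMPLE_FILE


if __name__ == "__main__":
    print("recovered:", demo())
```

The defensive reading of this is the point the SRLabs finding turned on: a stream cipher is only as strong as the uniqueness of its keystream, and a single repeated block reduces "encryption" to a known-plaintext puzzle that any file with a predictable header solves. Recovery tools built on such a flaw stop working the moment the keystream is no longer reused, which is consistent with the post's remark that the utilities only help for attacks before the group fixed the bug.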

The Southern Water incident is the first high-profile Black Basta attack of 2024 to use the modified version of the malware. The company now faces a difficult decision: give in to the extortionists or look for another way out of the situation. The outcome of this incident will show how effective the improved Black Basta tools are.