£4.5 Million Ransomware Bill for Southern Water After Black Basta Attack
Southern Water, a UK water supplier, recently disclosed the financial fallout from a Black Basta ransomware attack. The attack, which occurred in February 2024, resulted in expenses totaling £4.5 million ($5.7 million).
The Black Basta ransomware gang claimed responsibility. Southern Water confirmed a security breach. However, they stated that the attack did not affect operations, financial systems, or customer-facing systems. The company’s financial report detailed the £4.5 million cost.
“In February 2024 we announced that data from a limited part of our server estate had been stolen through an illegal intrusion into our IT systems,” the report stated.
Southern Water engaged cybersecurity experts and legal advisors. They also contacted individuals whose personal data might have been compromised. The £4.5 million covered the response to this incident.
This is the same amount spent on pollution management in the previous year. Reputational damage, legal fees, and potential regulatory issues are not included in this figure.
Operating costs diagram
Source: Southern Water
Negotiations and Leaked Information
Leaked internal chat logs from the Black Basta gang revealed negotiations. Southern Water reportedly offered £750,000 ($950,000).
The initial demand was $3,500,000. By the end of February 2024, Southern Water’s entry was removed from Black Basta’s extortion site. This suggests a possible agreement. When questioned about a ransom payment, Southern Water offered no further clarification.
Southern Water’s Scale and Operations
Southern Water serves 2.7 million customers for water and over 4.7 million for wastewater. The company delivers 570 million liters of water daily through a vast network. They also manage 1,522 million liters of wastewater.
Southern Water uses cybersecurity experts to monitor the dark web. They are actively checking for any data leaks affecting them or their clients. So far, no such leaks have been found.
