Southern Water denies claims it offered $750,000 ransom to ransomware hackers

(Image credit: Shutterstock / hxdyl)

Southern Water avoids question on ransomware payout
February 2024 attack saw customer data stolen in apparent attack
It is left unclear if the payment was made or not

Southern Water has avoided confirming or denying claims it paid a ransomware demand to hackers following a major cyberattack.

News broke that the company suffered a ransomware attack back in February 2024 which reportedly saw it lose a lot of data to the attackers, data that ended up spilling on the dark web by an infamous ransomware operator known as Black Basta.

However recently, someone leaked approximately 200,000 messages exchanged between members of Black Basta, prompting security firm HudsonRock to create a BlackBastaGPT tool to help sift through the data easier.

Payment and other hallucinations

Journalists from The Register have now used the tool, in combination with raw chat data, to try and find out if Southern Water paid the ransom or not.

Apparently, the group demanded $3.5 million, which was too high for the water company, which allegedly asked to reduce the asking price to $750,000.

While the chat logs don’t clearly state if the terms were agreed, at one point a member allegedly said “These have already paid, remember?"

However The Register notes the GPT hallucinates a lot, and that the information should be taken with a grain of salt. Reaching out to Southern Water directly, it did not receive a clear response, with a spokesperson saying, "As soon as we became aware, over a year ago, of an illegal intrusion affecting our IT systems (not affecting our operations or services to customers), we informed all relevant bodies, including NCSC and Defra. We and our advisers worked closely with NCSC throughout the incident."

Southern Water is a utility company that provides drinking water and wastewater services to customers in the south of England, including Kent, Sussex, Hampshire, and the Isle of Wight. It operates water treatment facilities and sewerage systems.

Black Basta was formed in 2022, and has since targeted at least 500 organizations, with notable victims include Ascension Healthcare, Capita, ABB, and the American Dental Association.

We've rounded up the best password managers
Take a look at our guide to the best authenticator app
Orange confirms it suffered breach after hacker leaks company documents

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.