Southern Water avoids question on ransomware payout

February 2024 attack saw customer data stolen in apparent attack

It is left unclear if the payment was made or not

Southern Water has avoided confirming or denying claims it paid a ransomware demand to hackers following a major cyberattack.

News broke that the company suffered a ransomware attack back in February 2024 which reportedly saw it lose a lot of data to the attackers, data that ended up spilling on the dark web by an infamous ransomware operator known as Black Basta.

However recently, someone leaked approximately 200,000 messages exchanged between members of Black Basta, prompting security firm HudsonRock to create a BlackBastaGPT tool to help sift through the data easier.

Payment and other hallucinations

Journalists from The Register have now used the tool, in combination with raw chat data, to try and find out if Southern Water paid the ransom or not.

Apparently, the group demanded $3.5 million, which was too high for the water company, which allegedly asked to reduce the asking price to $750,000.

While the chat logs don’t clearly state if the terms were agreed, at one point a member allegedly said “These have already paid, remember?"

However The Register notes the GPT hallucinates a lot, and that the information should be taken with a grain of salt. Reaching out to Southern Water directly, it did not receive a clear response, with a spokesperson saying, "As soon as we became aware, over a year ago, of an illegal intrusion affecting our IT systems (not affecting our operations or services to customers), we informed all relevant bodies, including NCSC and Defra. We and our advisers worked closely with NCSC throughout the incident."

Southern Water is a utility company that provides drinking water and wastewater services to customers in the south of England, including Kent, Sussex, Hampshire, and the Isle of Wight. It operates water treatment facilities and sewerage systems.

Black Basta was formed in 2022, and has since targeted at least 500 organizations, with notable victims include Ascension Healthcare, Capita, ABB, and the American Dental Association.