The operators of the BlackCat ransomware (aka ALPHV) claimed responsibility for hacking Creos Luxembourg, which operates a gas pipeline and electricity grid in central Europe.
Encevo, which owns Creos Luxembourg and is an energy supplier to five EU countries, announced last week that it was hacked between July 22 and 23. As a result of this incident, the Encevo and Creos Luxembourg customer portals were unavailable, although there were no delays or service interruptions.
Let me remind you that we also wrote that BlackCat ransomware gang publishes leaked data on the clear web site.
On July 28, the company released an update on the hack, stating that according to the preliminary results of the investigation, the attackers stole “some amount of data” from the systems they accessed.
It was reported that Encevo is not yet able to assess the consequences of the incident. The company asked customers to wait until the completion of the investigation, after which each of them should receive a personal notification. For now, all customers are advised to reset the passwords for their accounts that have been used to interact with the Encevo and Creos Luxembourg services. In addition, if these passwords were used for other sites, they should also be changed there.
Over the weekend, BlackCat published a post about the Creos Luxembourg hack, where hackers threaten to publish 180,000 files stolen from the company, totaling 150 GB. According to the attackers, this dump included contracts, agreements, passports, bills, and emails. Apparently, the group plans to publish information today.
Let me remind you that information security specialists believe that BlackCat is just a rebranding of the infamous BlackMatter/DarkSide malware. It is especially interesting that the hackers had to “rebrand” after the sensational attack on the largest pipeline operator in the United States, Colonial Pipeline, as this incident provoked interruptions in the supply of fuel and drew too much unnecessary attention to the hackers.
It seems the incident with Colonial Pipeline did not teach the hackers anything, since BlackCat had previously claimed responsibility for attacks on the German companies Oiltanking and Mabanaft, engaged in the transportation and storage of oil and petroleum products, and now the pipeline operator has again become the victim of the group.