
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat

Online systems still disrupted 12 days after cyberattack on Luxembourg energy provider began.

By Claudia Glover

Encevo Group, an energy conglomerate based in Luxembourg, is battling an ongoing cyberattack by ransomware-as-a-service gang BlackCat. Some digital services are still disrupted 12 days after the attack began, although the company says that energy supply has not been affected.

BlackCat is believed by researchers to include members of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline last year, prompting a crackdown by international law enforcement.

(Image: Luxembourg. Image by Henryk Sadura / iStock)

Encevo Group cyberattack: how did it happen?

In a dark web blog post on Friday, BlackCat – also known as AlphV – claimed to have stolen 150Gb of data from Encevo Group, including contracts, agreements, passports, bills and emails. “At Monday we gonna publish the data we have,” it said, presumably having demanded a ransom.

Encevo Group revealed last week that two of its subsidiaries – electricity network and gas pipeline operator Creos and energy supplier Enovos – suffered a cyberattack on the night of 22 July, ‘negatively impacting’ their customer-facing portals.

It later confirmed that “a number of data were exfiltrated from computer systems or made inaccessible by hackers,” during the attack. “The group is currently making every effort to analyse the hacked data,” it said. “For the moment, the Encevo Group does not yet have all the information necessary to personally inform each person concerned.”

As of this morning, Enovos’ customer portal is still unavailable, citing a “technical problem”.

What is BlackCat?

BlackCat / AlphV is a strain of ransomware that encrypts files using AES encryption, according to research by security company Emsisoft. It was first detected in November 2021 and quickly claimed dozens of victims within its first few months of operation. Emsisoft estimates that there may have been a total of 776 AlphV incidents since the ransomware’s inception.

Last week, the group behind the BlackCat ransomware claimed Indian IT services company SRM Technologies as its latest victim, taunting the company’s head of cloud infrastructure on LinkedIn after the attack. It has also been linked to recent attacks on video game companies Bandai Namco and Roblox.


BlackCat is likely a rebrand of a ransomware group known as BlackMatter, Emsisoft says, which in turn was a rebrand of DarkSide, the group notorious for its attack on US gas provider Colonial Pipeline last year. The Colonial Pipeline attack led US president Joe Biden to declare a national state of emergency. The ensuing crackdown by international law enforcement has disrupted many established ransomware groups, prompting an evolution of their tactics.

Energy suppliers are frequent targets for ransomware groups, given their economic value and potential for disruption. In the UK, energy companies suffered 24% of all cyberattacks last year, according to IBM’s threat intelligence research, more than any other sector.

IBM has also found that data breaches cost critical national infrastructure operators, such as energy providers, $1m more on average than other companies. This is in spite of the fact they typically detect and respond to data breaches faster than peers in other sectors.
