View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 1, 2022updated 21 Aug 2023 3:53pm

Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat

Online systems still disrupted 12 days after cyberattack on Luxembourg energy provider began.

By Claudia Glover

Encevo Group, an energy conglomerate based in Luxembourg, is battling an ongoing cyberattack by ransomware-as-a-service gang BlackCat. Some digital services are still disrupted 12 days after the attack began, although the company says that energy supply has not been affected.

BlackCat is believed by researchers to include members of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline last year, prompting a crackdown by international law enforcement.

Encevo Group, an energy conglomerate based in Luxembourg, is battling an ongoing cyberattack by ransomware-as-a-service gang BlackCat. (Image by Henryk Sadura / iStock)

Encevo Group cyberattack: how did it happen?

In a dark web blog post on Friday, BlackCat – also known as AlphV – claimed to have stolen 150Gb of data from Encevo Group, including contracts, agreements, passports, bills and emails. “At Monday we gonna publish the data we have,” it said, presumably having demanded a ransom.

Encevo Group revealed last week that two of its subsidiaries – electricity network and gas pipeline operator Creos and energy supplier Enovos – suffered a cyberattack on the night of 22 July, ‘negatively impacting’ their customer-facing portals.

It later confirmed that “a number of data were exfiltrated from computer systems or made inaccessible by hackers,” during the attack. “The group is currently making every effort to analyse the hacked data,” it said. “For the moment, the Encevo Group does not yet have all the information necessary to personally inform each person concerned.”

As of this morning, Evovos’ customer portal is still unavailable, citing a “technical problem”.

What is BlackCat?

BlackCat / AlphV is a strain of ransomware that encrypts files using AES encryption, according to research by security company Emsisoft. It was first detected in November 2021 and quickly claimed dozens of victims within its first few months of operation. Emsisoft estimates that there may have been a total of 776 AlphV incidents since the ransomware’s inception.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Last week, the group behind the BlackCat ransomware claimed Indian IT services company SRM Technologies as its latest victim, taunting the company’s head of cloud infrastructure on LinkedIn after the attack. It has also been linked to recent attacks on video game companies Bandai Namco and Roblox.

BlackCat is likely a rebrand of a ransomware group known as BlackMatter, Emsisoft says, which in turn was a rebrand of DarkSide, the group notorious for its attack on US gas provider Colonial Pipeline last year. The Colonial Pipeline attack led to US president Joe Biden calling a national state of emergency. The ensuing crackdown by international law enforcement has disrupted many established ransomware groups, prompting an evolution of their tactics.

Energy suppliers are frequent targets for ransomware groups, given their economic value and potential for disruption. In the UK, energy companies suffered 24% of all cyberattacks last year, according to IBM’s threat intelligence research, more than any other sector.

IBM has also found that data breaches cost critical national infrastructure operators, such as energy providers, $1m more on average than other companies. This is in spite of the fact they typically detect and respond to data breaches faster than peers in other sectors.

Read more: BlackCat posts luxury watchmaker Seiko to its victim blog

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.