A notorious ransomware gang has claimed responsibility for a cyber attack against natural gas and electricity provider Creos in Luxembourg last week.
The ransomware group ALPHV/BlackCat declared it was behind the cyber attack, carried out on July 22 and 23, which caused the customer portals of the company and its owner, European Union energy supplier Encevo, to become unavailable. The utilities' main services, however, were not affected.
150GB of Confidential Company Files Stolen
In a dark web blog post on Friday, ALPHV/BlackCat claimed to have stolen 150GB of data from the Encevo Group, including contracts, agreements, passports, bills and emails. It threatened to publish the files on its extortion platform.
Encevo posted initial results of their investigation of the cyber attack on July 28, saying that hackers took "a certain amount of data" from the compromised systems.
Encevo did not give any estimate of the scope of the cyberattack's impact and appealed to customers to be patient until its investigation of the incident concludes.
Encevo has not released any updates since, with investigations still ongoing. When new information is available, Encevo said it will post it on a dedicated webpage for the cyberattack.
Encevo Customers Advised to Reset Online Credentials
Encevo, however, has advised customers to reset the online account credentials they use with Encevo and Creos services. Furthermore, if those passwords are the same at other sites, customers should change their passwords on those sites as well.
ALPHV/BlackCat threatened to publish the 180,000 hacked files, which include contracts, agreements, passports, bills, and emails, on its newly launched extortion site, which makes confidential data stolen from hacked systems publicly available and searchable.
Pressuring Victims to Pay Ransom to Avoid Publishing of Confidential Files
ALPHV/BlackCat's extortion platform puts pressure on its victims to pay a ransom if they don't want the files to be made public.
Ransomware Activities from DarkSide to BlackCat: Gang Never Learned from Mistakes
Even as it innovates its illegal activities, BlackCat seems to have never learned from its mistakes, as it targets high-profile companies that will bring it under the watchful eye of law enforcement.
BlackCat is believed to be a rebrand of the DarkSide operation, which shut down amid pressure from U.S. law enforcement after its prominent ransomware hit on Colonial Pipeline.
After shutting down DarkSide, the group renamed itself BlackMatter to evade law enforcement, but the pressure went on, leading to another shutdown.
Since the ransomware group relaunched as BlackCat/ALPHV, the hackers have avoided big U.S. targets and instead victimized European companies, such as Italian fashion chains, a Swiss airport service provider, and Austrian states.
However, it seems the group has still not learned from its past errors: it has attacked critical infrastructure, such as the German petrol supply firm Oiltanking in February and now Luxembourg's Creos, making itself a juicy target for European law enforcement.