BlackCat Ransomware Says It’s Behind the Attack on Creos Luxembourg S.A.
Stolen Data, Consequences, and More.
BlackCat ransomware gang confirmed that it is responsible for the attack that occurred last week on Creos Luxembourg S.A., a company that owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg.
Encevo, the parent company of Creos and an energy provider in five EU countries, disclosed on July 25 that they had been the victim of a cyberattack over the weekend of July 22–23.
Although the cyberattack had rendered Encevo and Creos’ customer portals inaccessible, the services themselves remained unaffected.
The Stolen Data
According to the company’s update on the cyberattack published last Thursday, the initial findings of their investigation showed that the malicious actors had stolen “a certain amount of data” from the systems they managed to access.
The European pipeline and energy supplier asked customers to be patient while the investigations were ongoing as it was not yet possible to determine the extent of the impact. Additionally, every client received a customized notice.
This process is probably still in progress because no new information has been posted on Encevo’s media portal. The company announced that as soon as additional details are made available, they will be posted on a webpage especially created for the cyberattack.
For the time being, it is advised that all customers reset their online account credentials, which they utilized to access Encevo and Creos services. Customers should also change their passwords on other websites if they are the same.
Creos has been contacted by Bleeping Computer to ask for more information about the consequences of the cyberattack, but a representative of the company refused to comment on the matter.
What Did the BlackCat Say?
On Saturday, Creos was added by the ALPHV/BlackCat ransomware organization to its extortion website, being threatened to have its data leaked. The ransomware group claims to have 180,000 stolen files totaling 150 GB in size, including contracts, agreements, travel documents, invoices, and email accounts.
The ransomware gang has recently released a brand-new extortion platform where they allow visitors to search for stolen data in an effort to put more pressure on their victims to pay a ransom.
BlackCat keeps coming up with new methods for data extortion, but they seem to make the same mistakes, going after high-profile organizations, which puts them in the sights of international law enforcement authorities.