IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

European energy company and gas pipeline hacked by AlphV ransomware

The ransomware gang responsible is also linked with the group that took down Colonial Pipeline a year ago

The AlphV ransomware group has successfully attacked several businesses owned by the Encevo Group, a large energy company based in Luxembourg.

AlphV uploaded sample files to its deep web platform on Friday evening, claiming to have stolen around 180,000 files totalling more than 150GB in size from Creos, which owns and operates electricity networks and natural gas pipelines in the country.

The data it claims to have stolen includes company contracts, agreements, passports, bills, and emails. The method of attack is double extortion which is typical for the AlphV group and many other contemporary ransomware operations.

One of the files uploaded for public viewing appears to be a recently expired passport. IT Pro has been unable to independently verify the legitimacy of the stolen files but Encevo has confirmed the breach on Creos and Enovos.

IT Pro has also requested further details on the company’s remediation strategy, but it declined to reply.

Encevo Group said the attack occurred between 22-23 July and “a certain amount of data was exfiltrated” but it was doing everything it can to analyse the hacked files.

The companies’ services are not believed to be affected, including all gas pipelines and electricity supplies. Encevo added that there is a breakdown service that is guaranteed to work should any attack-related issues arise, ensuring the continued supply of energy.

In addition to assurances of the attack, the company's phone and email systems remain online, as do its websites.

Creos told IT Pro that all relevant legal and regulatory authorities have been informed of the incident, and that ransomware was involved in the attack. Encevo classified the incident as a data breach rather than confirming it was ransomware.

“For now, the Encevo Group does not yet have all the information necessary to inform personally each potentially affected person,” it said. “This is why we ask our customers not to contact us for the moment.”

The Russia-affiliated ransomware group sometimes referred to as BlackCat, is one of the most prolific ransomware operations currently running.

Experts have alleged that the group has links to the now-disbanded DarkSide which was responsible for the attack on Colonial Pipeline a year ago.

“AlphV is a rebrand of BlackMatter which was a rebrand of DarkSide - and DarkSide was used in the attack on Colonial Pipeline,” said Brett Callow, threat analyst and Emsisoft. 

Callow also said that AlphV is “probably at least as busy as LockBit”, which was recently labelled as the most active ransomware operation running at present.

AlphV also claimed attacks on video game giants Bandai Namco and Roblox in July after the FBI issued an earlier warning over the group's success back in April.

Critical infrastructure and providers of critical services are increasingly targeted by cyber attacks due to the amount of disruption they can cause, and the notoriety a cyber criminal group can gain from causing such harm.

The attack on Colonial Pipeline last year demonstrated the importance of strong cyber security measures at businesses like these and drew so much attention from law enforcement agencies that the hackers were thought to have entered hiding as a result.

Much of the ransom ultimately paid to the hackers after the Colonial Pipeline attack was recovered by US authorities but the incident prompted a federal-level overhaul in cyber security practices to prevent an attack of its scale ever happening again.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Ransomware now strikes one in 40 organisations per week, Check Point finds
ransomware

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
US government warns of increased risk of ransomware over holiday season
ransomware

US government warns of increased risk of ransomware over holiday season

24 Nov 2021

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
The benefits of a hardware update for SMBs
Sponsored

The benefits of a hardware update for SMBs

2 Aug 2022