The AlphV ransomware group has successfully attacked several businesses owned by the Encevo Group, a large energy company based in Luxembourg.
AlphV uploaded sample files to its deep web platform on Friday evening, claiming to have stolen around 180,000 files totalling more than 150GB in size from Creos, which owns and operates electricity networks and natural gas pipelines in the country.
The data it claims to have stolen includes company contracts, agreements, passports, bills, and emails. The method of attack is double extortion which is typical for the AlphV group and many other contemporary ransomware operations.
One of the files uploaded for public viewing appears to be a recently expired passport. IT Pro has been unable to independently verify the legitimacy of the stolen files but Encevo has confirmed the breach on Creos and Enovos.
IT Pro has also requested further details on the company’s remediation strategy, but it declined to reply.
Encevo Group said the attack occurred between 22-23 July and “a certain amount of data was exfiltrated” but it was doing everything it can to analyse the hacked files.
The companies’ services are not believed to be affected, including all gas pipelines and electricity supplies. Encevo added that there is a breakdown service that is guaranteed to work should any attack-related issues arise, ensuring the continued supply of energy.
In addition to assurances of the attack, the company's phone and email systems remain online, as do its websites.
Creos told IT Pro that all relevant legal and regulatory authorities have been informed of the incident, and that ransomware was involved in the attack. Encevo classified the incident as a data breach rather than confirming it was ransomware.
“For now, the Encevo Group does not yet have all the information necessary to inform personally each potentially affected person,” it said. “This is why we ask our customers not to contact us for the moment.”
The Russia-affiliated ransomware group sometimes referred to as BlackCat, is one of the most prolific ransomware operations currently running.
Experts have alleged that the group has links to the now-disbanded DarkSide which was responsible for the attack on Colonial Pipeline a year ago.
“AlphV is a rebrand of BlackMatter which was a rebrand of DarkSide - and DarkSide was used in the attack on Colonial Pipeline,” said Brett Callow, threat analyst and Emsisoft.
Callow also said that AlphV is “probably at least as busy as LockBit”, which was recently labelled as the most active ransomware operation running at present.
AlphV also claimed attacks on video game giants Bandai Namco and Roblox in July after the FBI issued an earlier warning over the group's success back in April.
Critical infrastructure and providers of critical services are increasingly targeted by cyber attacks due to the amount of disruption they can cause, and the notoriety a cyber criminal group can gain from causing such harm.
The attack on Colonial Pipeline last year demonstrated the importance of strong cyber security measures at businesses like these and drew so much attention from law enforcement agencies that the hackers were thought to have entered hiding as a result.
Much of the ransom ultimately paid to the hackers after the Colonial Pipeline attack was recovered by US authorities but the incident prompted a federal-level overhaul in cyber security practices to prevent an attack of its scale ever happening again.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
