Blackcat / ALPHV Ransomware Attack Hits Luxembourg-based Critical Infrastructure Companies

August 6, 2022

INCIDENT

A ransomware gang with direct ties to the group behind last year’s attack on Colonial Pipeline has struck again. This time hitting a Luxembourg-based critical infrastructure companies pipeline Creos and electricity operator Enovos. Encevo, the parent company of both business units, said data was exfiltrated during the attack between July 22 and 23, rendering the customer portals of Creos and Enovos non operational. The company said electricity and gas are still flowing to customers without interruption.

Threat actor ALPHV, also known as BlackCat, claimed responsibility for the attack on July 29 . In a post on a leak site, the group claims it exfiltrated 180,000 files totaling 150 gigabytes from Creos and threatened to publish the data. The group said the data includes contracts, agreements, passports, bills, and emails.

Incident Date

July 22, 2022

Location

Luxembourg

Estimated Cost

Unknown, 150GB/180,000 files stolen

Type of Malware

No Malware identified

Threat Source