Energy (Includes Power and Utilities)

July 22, 2022: Blackcat / ALPHV Ransomware Attack Hits Luxembourg-based Critical Infrastructure Companies

A ransomware gang with direct ties to the group behind last year’s attack on Colonial Pipeline has struck again, this time hitting two Luxembourg-based critical infrastructure companies: pipeline operator Creos and electricity operator Enovos. Encevo, the parent company of both business units, said data was exfiltrated during the attack between July 22 and 23, rendering the customer portals of Creos and Enovos non-operational. The company said electricity and gas are still flowing to customers without interruption.

Threat actor ALPHV, also known as BlackCat, claimed responsibility for the attack on July 29. In a post on a leak site, the group claims it exfiltrated 180,000 files totaling 150 gigabytes from Creos and threatened to publish the data. The group said the data includes contracts, agreements, passports, bills, and emails.

June 12, 2022: Energy Supplier Entega’s Customer Data Posted on the Dark Web after Ultimatum Expired

Hacker attacks paralyzed the websites of the regional utility Entega and the municipal utility Stadtwerke Mainz. There is no fear of supply interruptions for private and commercial customers, as these systems are separately secured.

At the same time as Entega, the lights also went out on the Stadtwerke Mainz website. Both companies are managed by their joint subsidiary, the IT service provider Count+Care. The malware got into the system because an employee had accidentally opened an email attachment. Entega's website and e-mail server were paralyzed as a result. The systems of the Darmstädter Bauverein and the Frankfurt utility company FES were also affected by the attack on Count+Care, an Entega subsidiary.

To repair the damage, the hackers apparently demanded a ransom of 15 million euros. Entega let the ultimatum expire without paying, and much of the customer data was leaked on the dark web. An Entega spokesman said the majority of customers could be affected, but to varying degrees. The investigation into the stolen data is still ongoing. According to Entega's annual report, the number of customer contracts at the end of 2021 was almost 700,000.

According to information from the Frankfurter Rundschau, the hacker gang "Black Cat" is said to be behind the attacks. The newspaper relies on information from an insider. "Black Cat" was recently also responsible for attacks on the IT systems in the Austrian state of Carinthia, where they also demanded a ransom.

February 24, 2022: German Wind Turbine Maker Enercon’s Services 90% Restored

German wind turbine maker, Enercon GmbH, is still restoring remote monitoring and maintenance capabilities for its turbines affected by a satellite outage at the end of February.
The company said over 90 percent of its 5,800 machines are online. The communication link has been restored for 1,156 wind parks in central Europe and service teams continue to work on the remaining 193 wind farms, the wind turbine manufacturer said Friday.
The remote monitoring and maintenance of the 5,800 machines with a combined output of more than 10 GW was affected by a satellite outage at Viasat on the same day as Russia invaded Ukraine. Viasat also had satellite operations going on in Ukraine, and Enercon may have suffered as collateral damage in the attack.

March 31, 2022: German Wind Turbine Maker Hit in Cyberattack

A cyberattack shut down a German wind turbine maker’s IT systems across multiple locations and business units March 31.
Nordex designs, sells and manufactures wind turbines, reporting just over $5.9 billion in sales last year. The company has factories in Germany, China, Mexico, the United States, Brazil, Spain and India.
“On 31 March 2022 Nordex Group IT security detected that the company is subject to a cyber security incident,” the company said in an advisory. “The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business units.”

December 19, 2021: Global IT Firm Recovering From Ransomware Attack

Global IT services company, Inetum Group, suffered a ransomware attack December 19, impacting operations in France.
While the global company suffered the hit in France, its operations were ongoing in other parts of the world. Among the multiple sectors the company works with are energy and utilities, aerospace, automotive, and chemicals and life sciences. The company said none of the main infrastructures, communication, collaboration tools or delivery operations for its clients were affected.

April 26, 2016: German Nuke Infected with Malware

A nuclear power plant in Germany suffered from an infection of computer viruses, but they appear not to have posed a threat to the facility’s operations, the station’s operator said April 26.
The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE.
The viruses, which include W32.Ramnit and Conficker, were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said. The operating system was spared because it was not connected to the Internet.
Malware was also on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. RWE said it increased cyber security measures as a result.

February 17, 2013: FL Utility Suffers DDoS

The website of Jacksonville, FL-based JEA, a not-for-profit community-owned utility company that serves one million people, suffered a distributed denial-of-service (DDoS) attack.
The company notified customers that the attack, which disrupted its website and its automatic phone system, started February 17, 2013.

February 19, 2013: Poughkeepsie, NY, Utility Hacked

Hackers gained entry to as many as 110,000 customer accounts at Poughkeepsie, NY-based Central Hudson Gas and Electric.
Employees detected the computer system intrusion Feb. 20, 2013. The attack occurred over a weekend, and as a result of regular control procedures, employees found the attack and reported it, the utility said.

November 27, 2021: CS Energy Hit In Ransomware Attack

The incident occurred Nov. 27 on CS Energy’s corporate network and did not have an impact on electricity generation at the Callide and Kogan Creek power stations, officials said. Those stations are continuing to generate and dispatch electricity into the National Electricity Market.

November 7, 2021: Cyber Attack Damages CO Utility

Montrose, Colorado-based Delta-Montrose Electric Association (DMEA) should be up and running within a week and completely operational by the end of the year after the utility fell victim to a “sophisticated and malicious” cyber attack in early November.
DMEA Chief Executive Alyssa Clemsen Roberts confirmed the attack, which the utility discovered November 7, to the board of directors this past Tuesday (Nov. 30).
“We are a victim of a malicious cyber security attack,” Clemsen Roberts said in a report in the Montrose Daily Press. “In the middle of an investigation, that is as far as I’m willing to go. In the process about 90 percent of our internal controls and systems were corrupted or broken or disabled. And we lost the majority of our historical data for the last 20-25 years. Since then we have been slowly rebuilding our network.”
