German Energy Agency latest claimed by ALPHV/BlackCat ransom gang


Dena, the Deutsche Energie-Agentur GmbH – translated into English as the German Energy Agency LTD – is being claimed as the latest casualty of the ALPHV/BlackCat ransomware group.

The Berlin-based profit-oriented climate protection agency announced it had been the victim of a cyberattack on November 23rd.

The international energy think tank has roughly 100 energy transition projects currently happening around the world, with 2022 earnings listed as over €700 million.

Dena posted a statement on its website with details about the attack and the ongoing investigation.

“As a result of the cyber attack on dena, a risk to the data processed by our business contacts cannot be ruled out,” dena said.

“This may also affect sensitive data, such as account details,” it said, adding forensic experts were still determining “exactly which data was leaked.”

Meanwhile, at about 2 p.m. EST Wednesday, December 6th, ALPHV/BlackCat posted dena on its dark leak site.

In a short blog entry, the Russian-linked gang claimed to have stolen sensitive data from the energy collective, but did not provide any specific amount.

The gang listed the stolen data as “encrypted backups, esxi, unloaded all email correspondence as of 2016 and other sensitive data.”

It also appears that dena was forced to take its systems offline to try to contain the damage, which is often the case with cyberattacks.

“We will only restart our systems once this review has been completed and additional protective measures have been introduced,” dena said in its breach announcement.

The company declined to say exactly when that would be, but said it would post any updates on its website.

The company also said it would be reviewing its entire IT infrastructure to ensure the “greatest possible security” for the company and business partners.

Cybernews has reached out to dena and is awaiting a response.

Who is ALPHV/BlackCat?

ALPHV/BlackCat ransomware was first observed in 2021 and is known to operate under a ransomware-as-a-service (RaaS) model, selling malware subscriptions to criminals.

The Russian-affiliated gang carried out more than 200 ransom attacks in the first half of 2023 alone, according to a September report by Trend Micro, and is said to be responsible for approximately 12% of all attacks in 2022.

The group has easily caused over $1 billion in lost corporate revenue in 2023, according to security insiders.

Known for its triple-extortion tactics, the gang was responsible for the September ransomware attacks on the Las Vegas casino giants MGM Resorts, as well as Caesars International, which is rumored to have paid a $15 million ransom to keep operations running.

Other big-name victims include Clorox, Dole, NCR, Next Gen Healthcare, Seiko and the Mazars Group.