Ransomware gang says it hit Luxembourg’s energy supplier


The Alphv ransomware group, also known as BlackCat, claims it hit Creos Luxembourg, a company behind the grand duchy’s electricity network and gas pipeline.

Creos Luxembourg announced the company’s systems were hit with a cyberattack last week. While the attack did not impact the supply of electricity and gas, its phone lines and customer management systems went down.

“We are in the process of gathering all the elements necessary to understand and resolve the incident. However, this attack has a negative impact on the operation of the Creos and Enovos customer portals,” the company said in a statement.

Brett Callow, Threat Analyst at Emsisoft, noticed that the Alphv ransomware group posted the name of Creos Luxembourg on the group’s leak site. Threat actors claim they stole over 150 GB of files including contracts, agreements, passports, bills and emails.

Callow notes that the Alphv group is a rebrand of the BlackMatter group, which formed after another ransomware gang, Darkside, disbanded. The latter was responsible for hacking the Colonial Pipeline and forcing the company to shut down its operations, which led to gas shortages in the US.

Productive newcomer

ALPHV/BlackCat ransomware was first observed in late 2021. Like so many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling criminals malware subscriptions.

ALPHV/BlackCat was noted for the use of the Rust programming language. According to an analysis by the Microsoft 365 Defender Threat Intelligence Team, threat actors that started deploying ALPHV/BlackCat were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating the group has a well-established network of operatives in the ransomware business.

Lately, ALPHV/BlackCat has been among the most active ransomware gangs. According to the cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.

Cybersecurity firm Digital Shadows noted that the group’s activity increased by 117% last quarter. Only LockBit and Conti surpassed the group in the total number of victims breached over the second quarter of 2022.

Most recently, ALPHV/BlackCat ransomware was used to attack the University of Pisa. Threat actors demanded that the university administration pay $4.5 million for the release of encrypted data.