Trans-Northern Pipelines latest ALPHV/BlackCat ransom claim


Major Canadian oil and gas pipeline operators Trans Northern Pipelines (TNPI) have been claimed by the notorious ALPHV/BlackCat ransomware gang.

The Ontario-based pipeline operator addressed the gang's allegations, as well as concerns about possible supply chain disruptions.

“Trans-Northern Pipelines Inc. experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems,” a TNPI spokesperson told Cybernews on Tuesday.

“We have worked with third-party, cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems,” they said.

The spokesperson also said the company was “aware of posts on the dark web claiming to contain company information, and we are investigating those claims.”

The Russian-linked ALPHV/BlackHat named Trans-Northern Pipelines as a victim on its dark leak site February 13th, claiming have stolen approximately 183GB of data from the company.

“All important information in the amount of 190GB was stolen. All files are public. Good luck,” the gang wrote on its blog.

Trans-Northern Pipeline APLHV/BlackCat
ALPHV/Blackcat dark leak site. Image by Cybernews.

TNPI operates two pipeline systems in the North American country – the Alberta pipeline, running almost 200 miles from Edmonton to Calgary, and the Ontario-Quebec pipeline which spans roughly 525 miles in the east-west direction.

A total of over 220,000 barrels of refined fuel products flow across the two lines every day, according to the TNPI website.

ALPHV/BlackCat has not revealed what type of information it may have stolen or provide any TNPI leak samples to view on its blog.

TNPI was the sixth victim whose data was allegedly uploaded to ALPHV’s leak site Tuesday.

Besides TNPI, the group’s February 13th sweep includes the US snack food company Herr’s; US golf course operator Arcis Golf; Canada’s consumer electronics chain The Source; California corporate law firm Procopio; and Kraft Group subsidiary New Indy Containerboard, an industrial packaging company.

APLHV/BlackCat six victims Feb 13
ALPHV/Blackcat dark leak site. Image by Cybernews.

According to its data claims figures, the ransom group is purported to have made off with a combined total of 1283GB from the half a dozen companies.

In its latest appeal to the media, the ransom gang amusingly also posted the contact information of several company employees – apparently in an attempt to help out said journalists like myself who may be reporting on the hack.

Who is ALPHV/BlackCat?

ALPHV/BlackCat ransomware was first observed in 2021 and is known to operate as a ransomware-as-a-service (RaaS) model by selling malware subscriptions to criminals.

The Russian-affiliated gang carried out more than 200 ransom attacks in the first half of 2023 alone, according to a September report by Trend Micro, and is said to be responsible for approximately 12% of all attacks in 2022.

The group has easily caused over $1 billion in lost corporate revenue in 2023, according to security insiders.

Known for its triple-extortion tactics, the gang was responsible for the September ransomware attacks on the Las Vegas casino giants MGM Resorts, as well as Caesars International, who is rumored to have paid a $15 million ransom to keep operations running.

Other big name victims include Clorox, Dole, NCR, Next Gen Healthcare, Seiko and the Mazars Group.


More from Cybernews:

AI-powered boyfriends are a hit in China

Companies use AI to read private Slack and Teams messages 

Bumblebee malware: on a buzz and back stinging 

Paramount botches Super Bowl livestream: more problems ahead?

Meta cuts political content on Reels but users say “Don’t babysit us”

Subscribe to our newsletter

Who is ALPHV/BlackCat?



Leave a Reply

Your email address will not be published. Required fields are markedmarked