Ransomware Operators Hit Gas Supplier Creos Luxembourg

BlackCat ransomware operatives have claimed responsibility for breaching Creos Luxembourg SA, an electricity and natural gas supplier in the Grand Duchy of Luxembourg.

Creos is owned by the substantially larger Encevo Group, which serves clients in Luxembourg, Germany, France, Belgium and the Netherlands. The company prides itself on being present all along the energy value chain, from production, storage, supply and transport to trading, distribution and services.

With business booming, last week one of Encevo’s main branches caught the eye of cybercriminals specialized in extorting money from energy suppliers.

On Monday, July 25, the parent company disclosed that “various entities of the Encevo Group” fell victim to a cyberattack.

“During this attack, a number of data were exfiltrated from computer systems or made inaccessible by hackers,” according to a notice on the company’s website.

“The group is currently making every effort to analyze the hacked data,” it adds. “For the moment, the Encevo Group does not yet have all the information necessary to personally inform each person concerned.”

According to an FAQ set up for clients concerned about the incident, energy supply was not affected by the attack. The company says it deployed IT and data forensic experts to determine whether personal data was leaked, and suspicious accounts or entry points have been suspended.

Encevo recommends that customers change their account passwords in case the bad guys got them.

The ALPHV ransomware gang, also known as BlackCat, has claimed responsibility for the hack, threatening to publish 180,000 files or around 150GB of data, including contracts, agreements, passports, bills and emails.

The group of extortionists making up BlackCat are thought to be the same ransomware operators responsible for the infamous shutdown of the Colonial Pipeline in May of 2021.