In an attack on Creos, a European natural gas pipeline operator, hacker group BlackCat copied 150 GB of customer data.
The BlackCat hacker group obtained 150 GB of customer data in an attack on Creos, the operator of a European gas pipeline exfiltrated. Now they are blackmailing the company and threatening to publish the data.
BlackCat copies around 25 GB of customer data from Creos
A hacker group known as BlackCat or ALPHV known, has again found a new victim. This is what the Luxembourg Encevo Group announced on 25. July announced on its own website that after a successful cyber attack on parts of the company, hackers were able to partially exfiltrate some data and make it partially inaccessible. One of BlackCat’s targets was Creos, which also belongs to the Encevo Group and operates natural gas pipelines and electricity networks.
BlackCat is said to be around 150 GB of data copied from Creos, divided into about 180.000 files. The hacker group is now threatening to publish this data, some of which includes customer information on contracts, invoices, e-mails and copies of ID documents. To enforce the ransom demand, the hackers even provide a “Extortion Platform” where the stolen data can be searched. However, as the Encevo Group reports, it has no plans to comply with the hacker’s request.
The company confirmed that IT experts and data forensic scientists are already working flat out on an analysis of the hacked data. So far, the Encevo Group does not have all the information it needs to notify affected users. The local police, the National Data Protection Commission and the ILR (Luxembourg Institute of Regulation) have already been notified of the incident.
What customers of the Encevo Group should do now
The Encevo Group assures in its FAQ on its website that the cyber attack by BlackCat will not have any impact on the energy supply of its customers. All affected customers will receive notification of the theft of their data as soon as possible. Particular attention is paid to restoring systems and data that were temporarily unusable.
The company recommends its customers to update their credentials. The users should therefore change all passwords. Both in the Encevo Group portal and in other online services where users have used the same password. Ideally, every online service should have an individual and secure password.
In addition, users should delete e-mails from unknown senders and under no circumstances should they open links or file attachments from such e-mails. Regular checking of one’s own bank accounts for suspicious activities is also part of the Encevo Group’s recommendation, since BlackCat was able to gain access to the customer’s bank details.
The black one Cat doesn’t get tired
In the recent past, the BlackCat hacker group has attracted increasing attention with its ransomware attacks. Just a few weeks ago, we reported an attack by the same hacker group on Bandai Namco. But also reports about other hacker groups, such as Berserk Bear, which is assigned to the Russian secret service FSB, have been piling up lately.