Published on: August 2, 2022

ALPHV ransomware gang, also known as BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week. Creos is a natural gas pipeline and electricity network operator in the European country.

The pipeline’s owner, Encevo, announced last week that they had suffered a cyberattack the weekend prior. The company operates as an energy supplier for five EU countries.

Although the cyberattack made the customer portals of Encevo and Creos become unavailable, there was no interruption in the services provided.

“Following the announcement of Monday, July 25 and in accordance with our legal information obligations, we confirm that the various entities of the Encevo Group have been the victim of a Cyber-attack,” the company said in a press release. “During this attack, a number of data were exfiltrated from computer systems or made inaccessible by hackers.

“The group is currently making every effort to analyze the hacked data. For the moment, the Encevo Group does not yet have all the information necessary to personally inform each person concerned. Encevo registered a complaint with the Police of the Grand Duchy and of course notified the CNPD (National Commission for Data Protection), the ILR (Luxembourg Institute of Regulation) and the competent ministries.”

Later last week, Encevo posted an update on the cyberattack, with the initial results of their investigation showing that the network intruders had exfiltrated “a certain amount of data” from the breached systems.

At that time, the company asked customers to be patient until the investigations were concluded, when they would all receive a personalized notice. Encevo added that more information will be posted on a dedicated webpage for the cyberattack once it becomes available.

In the meantime, all customers were recommended to reset their online account credentials used for interacting with Encevo and Creos services.

The ALPHV/BlackCat ransomware group added Creos to its extortion site on Saturday, and threatened to publish 180,000 stolen files totaling 150 GB in size. These files included contracts, agreements, passports, bills, emails, and more.

While there was no exact time announced for the fulfillment of their threat, the attackers said they would disclose the data later on Monday.