• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 

Security Affairs newsletter Round 529 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Malware
  • ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Pierluigi Paganini August 01, 2022

The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A.

The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A.

Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs and maintains high, medium and low-voltage electricity networks and high, medium and low-pressure natural gas pipelines, which it owns or which it is responsible for managing.

The ALPHV/BlackCat ransomware group claims to have stolen more than 150 GB from the company, a total of 180.000 files. Stolen data include contracts, agreements, passports, bills, and emails.

Creos Luxembourg BlackCat

The company Encevo, which owns the majority of Creos, published a security advisory to announce that the gas pipeline form has suffered a cyber attack that took place between July 22 and 23. Encevo registered a complaint with the Police of the Grand Duchy and of course notified the CNPD (National Commission for Data Protection), the ILR (Luxembourg Institute of Regulation) and the competent ministries.

“The Encevo Group would like to inform that its Luxembourg entities Creos (network operator) and Enovos (energy supplier) were victims of a cyberattack on the night of July 22 to 23, 2022. The Encevo Group crisis unit was triggered immediately and the situation is currently under control. We are in the process of gathering all the elements necessary for the understanding and complete resolution of the incident.” reads the announcement. “However, this attack has a negative impact on the operation of the Creos and Enovos customer portals.”

Creos and Enovos pointed out that the cyberattack did not impact the supply of electricity and gas and that the breakdown service is guaranteed.

On July 28, Encevo Group published a new announcement confirming that threat actors have exfiltrate data from its systems.

“Following the announcement of Monday, July 25 and in accordance with our legal information obligations, we confirm that the various entities of the Encevo Group have been the victim of a Cyber-attack. During this attack, a number of data were exfiltrated from computer systems or made inaccessible by hackers.”

For the moment, Encevo Group is investigating the incident to determine potentially impacted individuals. The company is asking its customers not to contact the group’s services on this subject for the time being, it set up a website (https://www.encevo.eu/en/encevo-cyberattack/)that will be updated as the situation evolves.

In early July, BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents.

Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demand requests by the notorious Blackcat ransomware gang.

Based on the observed recently compromised victims based in the Nordics region (which haven’t been disclosed by the group yet) the amount to be paid exceeds $2 million. One of the tactics used offers close to 50% discount to the victim in the case they are willing to pay – several ransom demands valued at $14 million were decreased to $7 million, but such amounts are still complicated for enterprises facing cybersecurity incidents. The most common ransom demand practiced by BlackCat jumped up to $2.5 million and it seems its trajectory will only grow.

The average ransomware payment climbed 82% since 2020 to a record high of $570,000 in the first half of 2021, and then by 2022 it almost doubled. 

BlackCat has been operating since at least November 2021, and launched major attacks in January to disrupt OilTanking GmbH, a German fuel company, and in February 2022, the attack on an aviation company, Swissport. The group is targeting high-profile businesses in critical industries including energy, financial institutions, legal services, and technology.

Blackcat ransomware is one of the fastest-growing Ransomware-as-a-Service (RaaS) underground groups practicing so called “quadruple extortion” by pressing victims to pay – leveraging encryption, data theft, denial of service (DoS) and harassment.

The BlackCat is also known as “ALPHV”, or “AlphaVM” and “AphaV”, a ransomware family created in the Rust programming language. The group’s leader with identical alias in communications on Dark Web forums outlined Rust as one of the competitive advantages of their locker compared to Lockbit and Conti. Despite the fact Blackcat and Alpha have completely different URLs in TOR Network, the scripting scenarios used on their pages are identical, and likely developed by the same actors.

The group was the pioneer of search in the indexed stolen data – allowing customers and employees of the affected companies to check exposed data.

 In a recent post from 10 Jul 2022, 15:35 pm in Dark Web, “ALPHV” introduced search not only by text signatures, but also supporting tags for search of passwords and compromised PII. It seems that some of the stolen files are still under indexing, but majority is already available for quick navigation. There were over 2,270 indexed documents identified containing access credentials and password information in plaintext, and over 100,000 documents containing confidential marking, including indexed e-mail communications and sensitive attachments.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Creos Luxembourg)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

ALPHV BlackCat Creos Luxembourg Cybercrime Hacking hacking news information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini June 27, 2025
OneClik APT campaign targets energy sector with stealthy backdoors
Read more
Pierluigi Paganini June 27, 2025
APT42 impersonates cyber professionals to phish Israeli academics and journalists
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT