Luxembourg-based energy supplier Encevo was hacked by the AlphV ransomware gang. Encevo confirmed that several entities of the group were targeted in the attack. A considerable amount of data was compromised from their computer systems. The hackers also made the data inaccessible, which further increased the attack's impact. Since the hack, systems remain disrupted, and a few Encevo systems are yet to recover from the attack. The company is trying to analyze the hacked data and has registered a complaint with the Police of the Grand Duchy.
Meanwhile, in a dark web blog post, the ransomware group claimed they had stolen 150GB of data from Encevo Group. The hacked data included emails, bills, passports, contract details and agreement records. The blog read, “On Monday, we gonna publish the data we have”, which further threatens the privacy of the victims.
The incident came to light a week after Encevo Group disclosed that their subsidiaries Creos and Enovos were victims of a cyberattack. The attack occurred on July 22, 2022, on the electricity network Creos and gas pipeline Enovos. AlphV claimed responsibility for this attack on a leak site on July 29. They also threatened to make the retrieved data public.
Earlier, AlphV attacked Colonial Pipeline in May 2021 and the Germany-based gas distributor Oiltanking in November 2021. Brett Callow, a threat analyst at Emsisoft, inferred that malicious actors might want to make use of a time when the energy supply chains are vulnerable. Attacking when they are stressed increases the chances of getting a payout.
The ransomware group is known to follow a similar pattern, demanding a ransom of an undisclosed amount after attacking and stealing data. Researchers speculate that members of DarkSide, a notorious hacker group, might be involved in the attack with AlphV. DarkSide had attacked the U.S. gas provider Colonial Pipeline in 2021.
Encevo Group does not have all the data required to inform individuals who have been affected. However, they have notified the National Commission for Data Protection (CNPD) and the Luxembourg Institute of Regulation (ILR). The FAQ section on their website asks users to change all their login data.