BlackCat ransomware group attacks European energy supplier

Encevo Group, an energy conglomerate based in Luxembourg, is still facing disruption more than two weeks after it was hit by a ransomware attack. The group behind BlackCat ransomware has since claimed responsibility for the attack, threatening to publish some 150GB of data it stole during the breach if Encevo Group does not meet its demands. 

What happened

On July 25, 2022, Encevo Group announced that several of its entities had been subject to a cyber attack on July 22. These entities were Creos, an electricity network and gas pipeline operator, and Enovos, an energy supplier. During the attack, hackers had stolen data and rendered some computer systems inaccessible. According to Tech Monitor, the stolen data includes contracts, agreements, passports, bills, and emails. 

Fortunately, the energy supply has not been disrupted. However, many customers cannot access their online portals. Because its investigation is still underway, Encevo has not yet been able to contact each affected customer personally, but it has advised everyone to change the login credentials they use to interact with Encevo.

What is BlackCat?

The group behind BlackCat, also known as AlphV, is believed to be a rebrand of the now-disbanded DarkSide, the ransomware group responsible for the Colonial Pipeline attack last year. The ransomware itself is highly customizable and is believed to be one of the first ransomware strains written in the Rust programming language. Rust is known for its performance and safety and can work across platforms, so both Linux and Windows variants can be developed.

According to Emsisoft, it works by encrypting data with AES and decrypting it only if the demanded ransom is paid. The group also threatens to leak the data if victims do not pay. It uses a ransomware-as-a-service (RaaS) business model, leasing the ransomware to affiliates who earn a percentage of a successful attack's ransom payment. It's also one of the few RaaS groups that can successfully use the threat of DDoS attacks to pressure victims into paying a ransom.

The attack on Encevo is just one of a long line of recent attacks carried out by BlackCat since the ransomware's first detection in November 2021. Emsisoft estimates that BlackCat has been behind around 776 attacks since then. Over the past few months, the ransomware has been used to attack the likes of the video game company Bandai Namco and SRM Technologies, an Indian IT services company.

Where to go from here

So, how can large organizations protect themselves against sophisticated ransomware like BlackCat? Microsoft has written an in-depth blog on the subject, suggesting companies must focus on preventing the end-to-end attack chain instead of the traditional approach of focusing only on detecting ransomware payloads. Beyond that, hardening networks through proper patch management and good credential hygiene is a must.
