The BlackCat ransomware gang has claimed responsibility for a ransomware attack that resulted in the theft of data from a Luxembourg power company.

The attack targeted Encevo S.A. electricity and gas pipeline subsidiary Creos Luxembourg S.A. between July 22 and 23. The company described that attack as a cyberattack that had resulted in network intruders exfiltrating “a certain amount of data” from accessed systems.

“The group is currently making every effort to analyze the hacked data,” Encevo wrote on July 28. “For the moment, the Encevo Group does not yet have all the information necessary to personally inform each person potentially concerned.”

The link to BlackCat, also known as ALPHV, emerged on Sunday when the group threatened to publish 180,000 stolen files totaling 150 GB in size from Creos by Monday if a ransom was not paid. The stolen data allegedly includes contracts, agreements, passports, bills and emails. As of now, the data has not been published.

The details of how the attack took place have not been disclosed. Encevo said it had filed a complaint with police in Luxembourg and notified relevant government authorities.

BlackCat/ALHPV first appeared in December and was in the news in January when it took responsibility for a ransomware attack on Italian luxury fashion brand Moncler SpA. In July, the group took credit for an attack on Japanese video game publisher Bandai Namco Holdings Inc.

The group advertises its software on a ransomware-as-a-service basis on cybercrime forums, inviting others to join it and launch attacks against large companies.

According to Bleeping Computer today, BlackCat is believed to be a rebrand of the DarkSide ransomware group that shut down in May 2021 after being tied to the high-profile breach of Colonial Pipeline Co. The group is also linked to BlackMatter, another post-DarkSide group that was forced to shut down in late November. The timing is notable as BlackCat emerged not long after BlackMatter went offline.

“With Encevo unable to ‘estimate the scope’ of the attack, it highlights a common problem with today’s security operations,” Saryu Nayyar, founder and chief executive of unified security and risk analysis company Gurucul Solutions Pvt Ltd A.G., told SiliconANGLE. “Too often are security teams overwhelmed with disparate and unrelated alerts or have to piece together the alerts manually, which leads to false positives and wasted efforts.”

Security teams lack the high accuracy needed not only to establish a threat but also to understand the entire attack campaign versus just individual threats, Nayyar added. “The ability to collect a full set of telemetry across different sources, link together the various indicators of compromise and ‘build the puzzle’ automatically is critical to providing the full context needed by security teams to get ideally prevent the attack, but also, in this case, be able to respond appropriately and quickly,” she said.

Image: Encevo