alphv attacks Creos Luxembourg
Incident Date:
July 29, 2022
Overview
Title
alphv attacks Creos Luxembourg
Victim
Creos Luxembourg
Attacker
Alphv
Location
First Reported
July 29, 2022
Creos Luxembourg Suffers Ransomware Attack by Alphv Group
Company Overview
Creos Luxembourg, a key player in the Energy, Utilities & Waste sector, operates as a natural gas pipeline and electricity network provider within Luxembourg. As a subsidiary of the Encevo Group, it extends its services across Luxembourg, Germany, France, Belgium, and the Netherlands, covering the entire energy value chain from production and storage to distribution and services.
Attack Details
The cyberattack initiated on July 22, 2024, led to significant data inaccessibility and the exfiltration of files from Creos Luxembourg's systems. The full extent of the compromised information remains undetermined. As a precautionary measure, Encevo has recommended that users change their passwords on its websites.
Alphv Group
Known in the cyber underworld as Alphv or BlackCat, this ransomware group has been operational since November 2021. It is believed to have connections with the BlackMatter and DarkSide ransomware factions. Alphv has a notorious reputation for targeting a wide range of organizations globally, employing file-encrypting malware to leverage stolen data.
Impact and Response
Despite the severity of the attack, the supply of electricity and natural gas to Creos Luxembourg's customers remains unaffected. Encevo is in the process of identifying the impacted parties and has established a bilingual web page for incident updates. The company has also engaged law enforcement to aid in the ongoing investigation.
Vulnerabilities
The attack's success can be attributed to unspecified vulnerabilities, which may include software flaws, outdated systems, or human errors such as phishing or weak password practices. These vulnerabilities are common entry points for ransomware attacks.
The ransomware attack on Creos Luxembourg by the Alphv group underscores the persistent cyber threat facing critical infrastructure sectors. Despite heightened security measures and law enforcement efforts, ransomware groups continue to pose a formidable risk to the industrial and energy sectors.
Sources
- Creos Luxembourg Website
- The Record: Luxembourg energy companies struggling with alleged ransomware attack, data breach
- Cybersecurity Dive: Luxembourg energy supplier Encevo hit by ransomware attack
- Bitdefender: Ransomware Operators Hit Gas Supplier Creos Luxembourg
- SecurityWeek: Luxembourg Energy Company Hit by Ransomware
- Bleeping Computer: BlackCat ransomware claims attack on European gas pipeline
- Encevo Group: Encevo Group's Response to the Ransomware Attack
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.