alphv attacks Creos Luxembourg

Incident Date:

July 29, 2022

World map



alphv attacks Creos Luxembourg


Creos Luxembourg




Rue de Strassen, Luxembourg

Luxembourg, Luxembourg

First Reported

July 29, 2022

Creos Luxembourg Suffers Ransomware Attack by Alphv Group

Company Overview

Creos Luxembourg, a key player in the Energy, Utilities & Waste sector, operates as a natural gas pipeline and electricity network provider within Luxembourg. As a subsidiary of the Encevo Group, it extends its services across Luxembourg, Germany, France, Belgium, and the Netherlands, covering the entire energy value chain from production and storage to distribution and services.

Attack Details

The cyberattack initiated on July 22, 2024, led to significant data inaccessibility and the exfiltration of files from Creos Luxembourg's systems. The full extent of the compromised information remains undetermined. As a precautionary measure, Encevo has recommended that users change their passwords on its websites.

Alphv Group

Known in the cyber underworld as Alphv or BlackCat, this ransomware group has been operational since November 2021. It is believed to have connections with the BlackMatter and DarkSide ransomware factions. Alphv has a notorious reputation for targeting a wide range of organizations globally, employing file-encrypting malware to leverage stolen data.

Impact and Response

Despite the severity of the attack, the supply of electricity and natural gas to Creos Luxembourg's customers remains unaffected. Encevo is in the process of identifying the impacted parties and has established a bilingual web page for incident updates. The company has also engaged law enforcement to aid in the ongoing investigation.


The attack's success can be attributed to unspecified vulnerabilities, which may include software flaws, outdated systems, or human errors such as phishing or weak password practices. These vulnerabilities are common entry points for ransomware attacks.

The ransomware attack on Creos Luxembourg by the Alphv group underscores the persistent cyber threat facing critical infrastructure sectors. Despite heightened security measures and law enforcement efforts, ransomware groups continue to pose a formidable risk to the industrial and energy sectors.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.