Trace Midstream Ransomware Attack

Trace Midstream, a company operating in the Energy, Utilities & Waste sector, has been targeted by the ransomware group Alphv. The attack was announced on the group's dark web leak site, and the victim's website is tracemidstream.com. Trace Midstream is a mid-sized company with a reported revenue of $5.9 million.

The company's website provides limited information about its operations and services, focusing on its commitment to safety, reliability, and sustainability. Trace Midstream's primary business involves the transportation, storage, and processing of natural gas liquids (NGLs) and crude oil.

The Energy, Utilities & Waste sector is a critical infrastructure sector that has been rapidly digitizing its operational value chains. This digitization has brought significant value through analysis, process optimization, and automation but has also broadened access to previously isolated Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices by users of the IT network and third parties with internet access.

Ransomware poses a significant threat to companies in this sector, as seen in the WannaCry and NotPetya attacks, which disrupted operations in the oil and gas industry. The past year has also seen the growth of crypto-mining malware targeting ICS computers, severely affecting productivity by increasing load on industrial systems.

Trace Midstream's vulnerabilities in being targeted by threat actors could include insufficient cybersecurity measures, lack of awareness about the threat environment, or inadequate preparation for the mounting threats. As awareness of the threat environment grows, top executives at companies like Trace Midstream are now sharpening their focus on cybersecurity, asking important questions about transforming their cybersecurity capabilities, investments, and governance models.

In response to the threat landscape, companies are rethinking their cybersecurity organizations and governance models, adopting a risk-based approach to security, and seeking appropriate controls based on their critical assets.

Sources

• Trace Midstream. (n.d.). Home. Retrieved April 10, 2024, from https://tracemidstream.com/
• RansomLook. (n.d.). alphv details. Retrieved April 10, 2024, from https://www.ransomlook.io/group/Alphv
• McKinsey & Company. (2019, April 11). Critical infrastructure companies and the global cybersecurity threat. Retrieved April 10, 2024, from https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/critical-infrastructure-companies-and-the-global-cybersecurity-threat