Following a July 25 announcement that its subsidiaries had been breached in a ransomware attack, Encevo, an energy supplier based in Luxembourg, followed up a few days later with an update that teams were currently investigating the extent of the damage done.
Now, new reports say the BlackCat ransomware group has posted 150GB of data on its extortion site, purportedly stolen from Encevo, including contracts, passports, bills, and emails — and the group is threatening to release them within hours if the ransom isn’t paid.
BlackCat has emerged as a formidable ransomware actor, formed with members from infamous, and now defunct, groups that include BlackMatter and REvil.
The attack specifically affected natural gas-pipeline operator Creos and the energy supplier Enovos, Encevo assured users supply would not be disrupted as a result of the attack but recommended that customers update their login details as soon as possible, “insofar the respective sites/portals are accessible,” the company said in its statement about the cyberattack.
“For now, the Encevo Group does not yet have all the information necessary to inform personally each potentially affected person. This is why we ask our customers not to contact us for the moment.”
It added, “Once again we apologize to our customers for inconvenience and we do our best to restore full service as soon as possible. Creos and Enovos emphasize once again that the supply of electricity and gas are not affected and that the breakdown service is guaranteed.”