Encevo, a Luxembourg-based energy supplier, experiences a ransomware assault.

In a recent cyberattack, the ransomware group ALPHV, also known as BlackCat, has targeted two Luxembourg-based companies, Creos and Enovos. The attack occurred between July 22 and 23, rendering the customer portals of both companies non-operational.

Encevo, the parent company of both business units, has confirmed that electricity and gas are still flowing to customers without interruption. However, the company is currently investigating the incident and will contact customers that might be impacted. Encevo has energy supply operations in five European countries and is the largest energy firm in Luxembourg, providing more than 285,000 customers with electricity and 47,000 with natural gas.

ALPHV claimed responsibility for the attack on July 29 and threatened to publish the data they stole on Monday. The group claims it exfiltrated more than 150 gigabytes of sensitive data from Creos, including contracts, passports, bills, and emails.

ALPHV is the latest rebrand of the DarkSide ransomware group, which was responsible for the attack on Colonial Pipeline in May 2021. However, the organization that attacked ALPHV is not explicitly identified as a single entity in the available sources. ALPHV operates as a ransomware-as-a-service group, with various affiliates operating under its umbrella.

Historically, ALPHV has demanded a ransom as part of its cyberattacks, but no figure has yet been reported. Threat actor Brett Callow, a threat analyst at Emsisoft, stated that ALPHV is increasingly active and is probably as busy as the prolific LockBit ransomware group.

The more likely rationale for ALPHV's latest attack, as with the majority of all attacks, is opportunistic and non-targeted. Threat actors may believe that attacking energy companies at a time when the energy supply chain is already stressed increases their likelihood of a payout. Affiliates of LockBit were recently observed infiltrating on-premises servers to spread malware on targeted networks.

The evolving role of CISOs (Chief Information Security Officers) involves better understanding the risk associated with their technology stacks. Addressing the question, "Are we a target?" is becoming increasingly important for corporate stakeholders as they seek to understand the risk calculus of their technology stacks.