{ "id": "2e81eead-1054-4c3e-be3a-99530f78f441", "created_at": "2026-04-06T00:14:49.659674Z", "updated_at": "2026-04-10T13:12:53.456536Z", "deleted_at": null, "sha1_hash": "5fb129fa43d93490da7ca47a990ee2a093f4bc62", "title": "BlackCat ransomware claims attack on European gas pipeline", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3075763, "plain_text": "BlackCat ransomware claims attack on European gas pipeline\r\nBy Bill Toulas\r\nPublished: 2022-08-01 · Archived: 2026-04-05 18:08:14 UTC\r\nThe ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last\r\nweek, a natural gas pipeline and electricity network operator in the central European country.\r\nCreos’ owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered\r\na cyberattack the previous weekend, between July 22 and 23.\r\nWhile the cyberattack had resulted in the customer portals of Encevo and Creos becoming unavailable, there was no\r\ninterruption in the provided services.\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn July 28, the company posted an update on the cyberattack, with the initial results of their investigation indicating that the\r\nnetwork intruders had exfiltrated “a certain amount of data” from the accessed systems.\r\nAt that time, Encevo wasn’t in a position to estimate the scope of the impact and kindly asked customers to be patient until\r\nthe investigations were concluded, at which time everyone would receive a personalized notice.\r\nSince no further updates have been posted on Encevo’s media portal, this procedure is likely still underway. Encevo says\r\nthat when more information becomes available, it will be posted on a dedicated webpage for the cyberattack.\r\nFor now, all customers are recommended to reset their online account credentials, which they used for interacting with\r\nEncevo and Creos services. Furthermore, if those passwords are the same at other sites, customers should change their\r\npasswords on those sites as well.\r\nBleeping Computer has contacted Creos to request more information about the impact of the cyberattack, but a spokesperson\r\nof the firm declined to give any comment at this stage.\r\nBlackCat strikes gas again\r\nThe ALPHV/BlackCat ransomware group added Creos to its extortion site on Saturday, threatening to publish 180,000\r\nstolen files totaling 150 GB in size, including contracts, agreements, passports, bills, and emails.\r\nWhile no exact time was announced for the fulfillment of this threat, the hackers vowed the disclosure to occur later today\r\n(Monday).\r\nALPHV ransomware adding Creos on extortion site\r\n ALPHV/BlackCat has recently launched a new extortion platform where they make stolen data searchable by visitors, with\r\nthe goal being to increase pressure on their victims to make them pay a ransom.\r\nWhile BlackCat continues to innovate data extortion, they never seem to learn from their mistakes and continue to target\r\nhigh-profile companies that will likely land them in the cross-hairs of international law enforcement agencies.\r\nBlackCat is believed to be a rebrand DarkSide operation, which shut down under pressure from law enforcement following\r\nits highly-publicized ransomware attack on Colonial Pipeline.\r\nAfter shutting down DarkSide, they rebranded as BlackMatter to evade law enforcement, but the pressure continued with the\r\ngang shutting down again.\r\nSince November 2021, when the threat actors relaunched as BlackCat/ALPHV, the threat actors tend to avoid big American\r\ntargets and target European entities instead, like Austrian states, Italian fashion chains, and a Swiss airport service provider.\r\nHowever, it appears that they have not learned from their mistakes and continue to attack critical infrastructure, such as the\r\nGerman petrol supply firm Oiltanking in February and now Creos Luxembourg.\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-european-gas-pipeline/" ], "report_names": [ "blackcat-ransomware-claims-attack-on-european-gas-pipeline" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434489, "ts_updated_at": 1775826773, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5fb129fa43d93490da7ca47a990ee2a093f4bc62.pdf", "text": "https://archive.orkl.eu/5fb129fa43d93490da7ca47a990ee2a093f4bc62.txt", "img": "https://archive.orkl.eu/5fb129fa43d93490da7ca47a990ee2a093f4bc62.jpg" } }