Luxembourg-Based Pipeline Operator Pwned In Ransomware Attack

Bleeping Computer is reporting that BlackCat ransomware has claimed responsibility for an attack on a European gas pipeline. Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country, last week announced that it had suffered a cyberattack. While the cyberattack had resulted in the customer portals of Encevo and Creos becoming unavailable, there was no interruption in the provided services.

On July 28, the company posted an update on the cyberattack, with the initial results of their investigation indicating that the network intruders had exfiltrated “a certain amount of data” from the accessed systems.

At that time, Encevo wasn’t in a position to estimate the scope of the impact and kindly asked customers to be patient until the investigations were concluded, at which time everyone would receive a personalized notice.

Since no further updates have been posted on Encevo’s media portal, this procedure is likely still underway. Encevo says that when more information becomes available, it will be posted on a dedicated webpage for the cyberattack.

For now, all customers are advised to reset the online account credentials they used for interacting with Encevo and Creos services. Furthermore, if those passwords are the same at other sites, customers should change their passwords on those sites as well.

Saryu Nayyar, CEO and Founder of Gurucul, had this to say:

     “With Encevo unable to ‘estimate the scope’ of the attack, it highlights a common problem with today’s security operations. Too often are security teams overwhelmed with disparate and unrelated alerts or have to piece together the alerts manually, which leads to false positives and wasted efforts. Security teams lack the high accuracy needed to not only establish a threat but also understand the entire attack campaign versus just individual threats. The ability to collect a full set of telemetry across different sources, link together the various indicators of compromise (IoCs) and ‘build the puzzle’ automatically is critical to providing the full context needed by security teams to ideally prevent the attack, but also in this case be able to respond appropriately and quickly.”

I, for one, will be interested to see the scope of the attack and the data that was stolen (or, in the words of the pipeline operator, “accessed”), along with how the pipeline operator deals with the fallout of this attack.
