The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend.
GSE is a publicly-owned company that promotes and supports renewable energy sources (RES) across Italy.
A GSE spokesperson disclosed that, after the attack was detected on Sunday night, the agency took its website and systems down to block the attackers from gaining access to the data. GSE’s website is still down, almost a week after the incident.
Cybersecurity authorities and police in Italy are still investigating the attack and looking into what data was compromised during the incident, GSE told Bloomberg.
Before GSE’s disclosure, the BlackCat ransomware group added a new entry to its dark web data leak site claiming to have stolen roughly 700GB of files from the Italian energy agency’s servers.
The attackers say that the stolen files contain confidential data, including contracts, reports, project information, accounting documents, and other internal documentation.
This attack follows another incident involving Eni SpA, the largest energy company in Italy, which has more than 31,000 employees and operates in national and international markets.
Eni SpA also revealed that it was recently hacked as part of a cyberattack the firm said had minor consequences on its operations.
Earlier this year, BlackCat also said it was behind ransomware attacks against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in central Europe, and the German petrol supply firm Oiltanking.
A DarkSide/BlackMatter rebrand
Although the DarkSide operators rebranded as BlackMatter in July 2021, they were quickly forced to shut down again in November, after the gang’s servers were seized and Emsisoft found and exploited a weakness in the ransomware to create a decryptor.
This group is considered one of the most significant ransomware threats currently targeting enterprises worldwide.
More recently, BlackCat has also been evolving its extortion tactics, launching a new searchable database of stolen data that made the group’s double-extortion attacks even more damaging for victims.