BlackCat Ransomware Linked to Italy’s Energy Services Firm Hack

  • Documents obtained by Reuters have linked the infamous hacking group BlackCat to the recent attack on Italy’s state-owned energy services firm GSE.

    According to the publication, BlackCat stole a considerable amount of data from GSE, then threatened to publish it if its demands were not met.

    In particular, the ransomware group claimed to have downloaded 700GB of data from GSE, including information on projects, contracts and accounting. It also uploaded images of documents from the hack on dark web forums.

    The attack comes weeks after Italian oil company Eni’s computer networks were also breached, though no specific group claimed responsibility for the hack.

    “The BlackCat/ALPHV ransomware gang have continued their trend of targeting key critical infrastructure with their latest attack on Italy’s energy agency,” Claroty CRO Simon Chassar told Infosecurity Magazine.

    “Whilst it is yet to be confirmed whether cyber-physical systems were hit during this ransomware attack, with the number of targeted attacks on critical infrastructure organizations across the world, it’s vital that these devices are secured.”

    According to the executive, as part of their digitalization processes, organizations continue to converge their IT and operational technology (OT) systems, ultimately expanding their attack surface.

    “Threat actors are then able to cause disruption to both cyber and operational resilience as malware moves laterally to other network domains,” Chassar explained.

    To combat this, Claroty’s CRO believes security teams must have full visibility across both their IT and OT systems as well as their Extended IoT (XIoT) environment.

    “Once an organization has a complete understanding of their overall cyber risk, security teams can then patch urgent vulnerabilities and secure critical devices,” he said.

    Further, he believes organizations should implement network segmentation with asset class network policies to restrict unnecessary connectivity, ultimately limiting the lateral movement of malware and the impact of such attacks.

    “With these procedures in place, organizations can stop a cyber incident from becoming an operational crisis.”

    Unfortunately, many companies don’t have such defenses in place. Case in point: the BlackCat ransomware group, empowered by successful attacks, recently increased its ransom demands to as much as $2.5m.