Elain Brown Tech 09.02.2022 23:Sep PM EDT

BlackCat Ransomware Claims Cyberattack on Italy’s Energy Company, GSE

The BlackCat ransomware gang, also known as ALPHV, has breached another company again.

Over the weekend, Italy's energy agency, Gestore dei Servizi Energetici SpA (GSE), suffered a malware attack on its own systems and websites.

GSE is a publicly-owned company that promotes and supports renewable energy sources (RES) across Italy.

GSE is one of the administrative bodies in charge of overseeing the nation's power sector.

The group of threat actors has claimed responsibility for attacking Italy's publicly owned energy company and holding them for ransom.

It appears that the cyberattack was not executed to hurt GSE but to cause harm to Italy's energy industry. This assumption is made as another energy company in Italy experienced a breach this week.

BlackCat Ransomware Attack on GSE

The BlackCat ransomware gang is speculated to be behind the cyberattack on Italy's energy company, GSE.

According to BleepingComputer, the BlackCat ransomware gang published a post on the dark web. The post says that the group managed to steal 700 gigabytes of data from networks controlled by Italy's energy company,

In that post, the group also threatened the company that they would release the information publicly if GSE did not meet their demands.

This message was accompanied by a number of photos that seemed to be confidential company documents. BlackCat stated that the stolen files include sensitive material such as contracts, information on projects, accounting records, reports, and other types of internal documentation.

Following the discovery of the attack late on Sunday evening, the website and other systems of the company were taken offline during the incident in order to prevent the attackers from having access to the data.

Even after nearly a week has passed since the incident, their website is still inaccessible. It was not immediately obvious how much BlackCat was demanding in terms of extortion.

The Italian police and cybersecurity officials are currently determining the scope of the incident and the types of data that has been stolen or otherwise affected.

BalckCat Ransomware Attack on Eni SpA

BlackCat's attack on GSE was then followed by an attack on another Italian company called Eni SpA on Wednesday, August 31. Eni SpA is also an energy company and is the largest in Italy.

The company admitted that it had a security breach not long ago. The attack had an effect on the company's computer networks, but Eni SpA stated that it appeared as though the consequences would be relatively minor.

No one has claimed responsibility for that attack to date. The is working in collaboration with the appropriate authorities in the area to investigate the impact of the attack.

BlackCat Ransomware

The threat actors have claimed responsibility for breaching GSE, while there is still no news about who is behind the attack on Eni SpA.

According to Bloomberg, Prime Minister Mario Draghi reportedly called a meeting of high-ranking Italian officials to discuss what had happened.

Russian invasion of Ukraine has led to an increase in cyberattacks on western European businesses, according to Italian Foreign Minister Luigi Di Maio.

The minister went on to say that the attacks are part of a destabilization campaign that has been in place since the invasion in February.

Russia has been suspected of being behind the Blackcat ransomware group for some time. It has been discovered that certain members of the gang have been talking with one another in Russian. It is not known whether the Russian government directs the BlackCat gang or whether they operate independently.