Pipline and electricity operator Creos Luxembourg victim of BlackCat ransomware

Sicherheit (Pexels, allgemeine Nutzung)[German]In Luxembourg, the company Creos has fallen victim to the Alphv ransomware gang (better known as BackCat). Creos operates both a gas pipeline and electricity supply in the Grand Duchy. This was made public by a release from the Alphv ransomware group.


Alphv claims hack of Creos

I do not have too much information. I became aware of the issue on Twitter over the weekend via a post by Brett Callow. Brett posted an excerpt from a release by the Alphv ransomware group.

Netzbetreiber Creos Luxembourg Opfer der BlackCat Ransomware

Their release, dated July 29, 2022, states that Creos Luxembourg became a victim of their ransomware. They said that more than 150 GBytes of data had been siphoned off. Among the more than 180,000 files, it said, were confidential or sensitive data such as contracts, agreements, copies of IDs, invoices, emails and more. Today, Monday, the first documents are to be published – with this, the group probably wants to increase the pressure on the victim.

In another tweet, Brett clarifies that the Alphv ransomware group is just a new name for the BlackMatter gang. However, this was just a new name for the Darkside ransomware gang. Darkside was involved in the attack on pipeline operator Colonial Pipeline in the U.S. (see links at the end of the article) and, as BlackCat, was also involved in the attack on Hamburg-based Oiltanking Group. Callow estimates that the Alphv gang is probably at least as busy as theLockBit ransomware gang.

Statement from Creos

There is a short statement from Creos in French since July 24, 2022 – I've put together a translation here:


The Encevo Group would like to announce that its Luxembourg entities Creos (network operator) and Enovos (energy supplier) have been victims of a cyberattack during the night of July 22-23, 2022. The Encevo Group crisis team was immediately triggered and the situation is currently under control. We are in the process of gathering all the elements necessary to understand and fully resolve the incident.

Nevertheless, this attack has a negative impact on the operation of Creos and Enovos customer portals. We apologize to our customers for the inconvenience and are doing our best to restore service as soon as possible.

Creos and Enovos stress that electricity and gas supply are not affected and breakdown service is guaranteed.

In this tweet there are more screenshots of messaged from this company.

Who is Creos?

Creos Luxembourg S.A. is an operator of electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. Creos was created by the merger of Cegedel S.A., Luxembourg's grand-ducal electricity company, a concession company founded in 1928, which as a supplier covered 70% of the country's electricity needs at the time, Soteg S.A., Luxembourg's largest gas supplier, and Saar Ferngas AG, which was founded in Saarland in 1929. On January 23, 2009, all shares held by the shareholders of Cegedel S.A. and Saar Ferngas AG were transferred to Soteg S.A.. Following the successful mandatory takeover bid for all shares not yet held by it, the company undertook a comprehensive restructuring with retroactive effect from January 1, 2009, from which it emerged as a new energy group. It operates under the name Enovos and consists of the parent company, Enovos International S.A., and two major subsidiaries: Creos (formerly Cegedel S.A.), responsible for network activities, and Enovos Luxembourg S.A., responsible for production, sales and marketing activities. Enovos and Creos each have a subsidiary established in the German market: Enovos Germany and Creos Germany.

Similar articles
Ransomware attack on US pipeline operator (May 2021)
Ransomware attack on the US pipeline – the house is burning
Colonial Pipeline Attack: Wasted $5 Million and uses vulnerable Exchange Servers
DarkSide gang lost access to it's servers
Colonial Pipeline Attack: Wasted $5 Million and uses vulnerable Exchange Servers
Colonial Pipeline News: Hack by stolen VPN credential, FBI partially recovers ransom money
Cyberattack on Oiltanking: Black Cat ransomware group responsibe, also for Colonial Pipeline Hack

Cookies helps to fund this blog: Cookie settings


This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *