- BlackCat ransomware group claims to breach Creos LuxemS.A.’s computer systems in the last month; July 2022.
- The cyberattack group claimed to have stolen 150 GB from the company, a total of 180.000 files.
- Encove group, owner of Creos published an advisory informing that the attackers have indeed stolen a certain amount of data from their system computers or made it inaccessible by hackers.
BlackCat ransomware group took responsibility for a cyberattack against Creos Luxembourg S.A., which owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. The ransomware group claimed to have stolen 150 GB from the company, a total of 180.000 files.
150 GB of data have been stolen
Encevo, Creos‘s owner who operates as an energy supplier in five EU countries, published a security bulletin to inform that the gas pipeline was a cyberattack victim between July 22 and 23. The company informed that they are investigating the incident for understanding and complete resolution. And the situation was under control. However, they added that this attack harmed the operation of the customer portals of Créos and Enovos.
As an update, Encove published another advisory informing that the attackers have indeed stolen a certain amount of data from their system computers or made it inaccessible by hackers. The company is currently analyzing the hacked data and does not have all the information necessary to inform personally each potentially affected person. They set up a website to publish regular updates regarding attacks.
On the other hand, the BlackCat ransomware group added Creo as a victim on their website. They claimed to have stolen 150 GB of data including contracts, agreements, passports, bills, and emails. They added that they will publish the stolen data.

BlackCat made headlines first in November 2021 and since then performed a series of major attacks. They attacked Oiltanking GmbH, a German fuel company to disrupt its operations at the beginning of this year. And in February 2022, they attacked an aviation company, Swissport. The group chooses its victims from high-profile businesses in critical industries including energy, financial institutions, legal services, and technology.
The BlackCat is also known as “ALPHV”, a ransomware family developed in the Rust programming language. It is one of the fastest-growing Ransomware-as-a-Service (RaaS) dark web groups practicing so-called “double extortion” by threatening its victims to release the stolen data to the public if the ransom isn’t paid.