The ransomware attack that kept the Italian GSE offline last week came from BlackCat. The gang itself made that known.
The Italian Gestore dei Servici Energetici SpA discovered a week ago on Sunday that its systems were being attacked. Since then, those systems and the company’s website have been taken offline to mitigate the attack. The listed company supports renewable energy initiatives in Italy.
That attack now appears to come from BlackCat, also known as ALPHV, the hacker group that also previously attacked Creos Luxembourg, a gas pipeline and energy player. At the beginning of this year, the ransomware in question was also involved in hacking six oil terminals, including in our country.
BleepingComputer now reports that the hacker gang reports on their site on the dark web that they have stolen about 700 gigabytes of data from the Italian company. It would be contracts, reports, project info, accounting documents, and other files.