According to security researchers and documents were seen by Reuters, the hacking group BlackCat was behind a recent attack on Italy’s state-owned energy services firm GSE, where they stole a massive amount of data and threatened to publish if their demands were not met.
Hackers steal data and threaten victims with data leaks in a ransomware attack, often extorting them for a cryptocurrency payment.
BlackCat, also known as ALPHV, first appeared in mid-November of last year and is known for launching sophisticated attacks on a number of companies in the United States and Europe.
On Friday, it claimed to have downloaded 700 gigabytes of data from GSE, including project, contract, and accounting information, and to have uploaded images of documents obtained through the hack.
“BlackCat has a history of targeting organizations in the energy industry and is very active,” said Ryan Olson, vice president of threat intelligence at Palo Alto Networks’ Unit 42.
“We are tracking 136 global victims who have been posted to their leak site so far in 2022,” he told Reuters.
GSE refused to comment. It had previously stated that the hacking attack occurred between Sunday and Monday.
According to Walter Ruffinoni, CEO of NTT Data Italia, the average recovery cost from a ransomware attack is $1.85 million.
“In Italy, the phenomenon has increased 350% in the last year, with 1.9% of Italian companies experiencing an attack of this type each week,” Ruffinoni said.
The computer networks of the Italian oil company Eni were also hacked last month, though the company said the consequences appear to be minor so far.
According to Olson, BlackCat posted 12 victims in June, 26 victims in July, and two victims so far in August on a dark website.
