Italy’s GSE suffers BlackCat ransomware attack

Hacking group BlackCat is behind a recent attack on Italy’s state-owned energy services firm GSE, in which it stole a massive amount of data and threatened to publish it if its demands were not met, according to Reuters.

BlackCat is known for launching sophisticated attacks on scores of companies across the US and Europe.

On Friday it claimed to have downloaded 700GB of data from GSE, including information on projects, contracts and accounting, and uploaded images of documents from the hack.

GSE has so far declined to comment on the hacking, but indicated the attack took place between Sunday and Monday.

The average recovery cost from a ransomware attack is estimated at $1.85 million, said Walter Ruffinoni, CEO of NTT Data Italia.

“In Italy, the phenomenon [has] risen 350 percent in the last year, where 1.9 percent of Italian companies each week suffered an attack of this type,” Ruffinoni said.

Last month Italian oil company Eni’s computer networks were also hacked.

Claroty CRO Simon Chassar said, “The BlackCat/ALPHV ransomware gang have continued their trend of targeting key critical infrastructure with their latest attack on Italy’s energy agency.

“While it is yet to be confirmed whether cyber-physical systems were hit during this ransomware attack, with the number of targeted attacks on critical infrastructure organisations across the world, it’s vital that these devices are secured.

“As part of their digitalisation processes, organisations continue to converge their IT and operational technology (OT) systems, ultimately, expanding their attack surface. Threat actors are then able to cause disruption to both cyber and operational resilience as malware moves laterally to other network domains.

“To combat this, security teams must have full visibility across both their IT and OT systems as well as Extended IoT (XIoT) environment. Once an organisation has a complete understanding of their overall cyber risk, security teams can then patch urgent vulnerabilities and secure critical devices. 

“What’s more, organisations can implement network segmentation with asset class network policies to restrict unnecessary connectivity, ultimately, limiting the lateral movement of malware and impact of such attacks. With these procedures in place, organisations can stop a cyber incident becoming an operational crisis.”
