
BlackCat ransomware gang believed to be responsible for a cyber attack against Colombian energy supplier EPM

On Monday 12th of December 2022, the Colombian energy company Empresas Públicas de Medellín (EPM) experienced a ransomware attack that disrupted the company’s operations and took down online services. On Tuesday 13th of December 2022, the company told approximately 4,000 employees to work from home, with IT infrastructure down.

Although EPM did not disclose the ransomware operation behind the attack, it is believed that the BlackCat ransomware operation, aka ALPHV, was responsible and is claiming to have stolen corporate data during the attack. Supporting this, Chilean security researcher Germán Fernández discovered a recent sample of BlackCat’s ‘ExMatter’ data-theft tool that had been uploaded from Colombia to a malware analysis site. When analysing the ExMatter tool, Fernández found that it uploaded the data to a remote server that was not adequately secured, allowing any visitor to see the data stored on it. The uploaded data was stored in various folders starting with ‘EPM-’, as shown below. While it is unclear how much data was stolen in total, Fernández told a source that there were a little over forty devices listed on the server.
