{"id":7785,"date":"2022-12-16T18:59:58","date_gmt":"2022-12-16T09:59:58","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=7785"},"modified":"2023-02-06T19:01:34","modified_gmt":"2023-02-06T10:01:34","slug":"blackcat-ransomware-gang-believed-to-be-responsible-for-a-cyber-attack-against-colombian-energy-supplier-epm","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/blackcat-ransomware-gang-believed-to-be-responsible-for-a-cyber-attack-against-colombian-energy-supplier-epm\/","title":{"rendered":"BlackCat ransomware gang believed to be responsible for a cyber attack against Colombian energy supplier EPM"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7785\" class=\"elementor elementor-7785\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-df1ed32 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"df1ed32\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cd18b5a\" data-id=\"cd18b5a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-189a95c elementor-widget elementor-widget-text-editor\" data-id=\"189a95c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Monday 12<sup>th<\/sup> of December 2022, the Colombian energy company Empresas P\u00fablicas de Medell\u00edn (EPM) experienced a ransomware attack that disrupted the company&#8217;s operations and took down online services. 
On Tuesday 13<sup>th<\/sup> of December 2022, the company told approximately 4,000 employees to work from home, with IT infrastructure down.<\/p><p>Even though EPM did not disclose the ransomware operation behind the attack, it is believed that the BlackCat ransomware operation, aka ALPHV, was behind the attacks, and is claiming to have stolen corporate data during the attacks. Supporting this, Chilean security researcher Germ\u00e1n Fern\u00e1ndez discovered a recent sample of BlackCat&#8217;s &#8216;ExMatter&#8217; data-theft tool, uploaded from Colombia to a malware analysis site. When analysing the ExMatter tool, Fern\u00e1ndez found that it uploaded the data to a remote server that was not adequately secured, allowing any visitor to see the data stored on it. The uploaded data was stored in various folders starting with &#8216;EPM-&#8217;, as shown below. While it is unclear how much data was stolen in total, Fern\u00e1ndez told a source that there were a little over forty devices listed on the server.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Monday 12th of December 2022, the Colombian energy company Empresas P\u00fablicas de Medell\u00edn (EPM) experienced a ransomware attack that disrupted the company&#8217;s operations and took down online services. On Tuesday 13th of December 2022, the company told approximately 4,000 employees to work from home, with IT infrastructure down. 
Even though EPM did not disclose the ransomware operation behind the<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":7786,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,12,2,7,8,1],"tags":[],"class_list":["post-7785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-read_article","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2023\/02\/Picture11.jpg?fit=1377%2C917&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7785"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=7785"}],"version-history":[{"count":5,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7785\/revisions"}],"predecessor-version":[{"id":7792,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7785\/revisions\/7792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/7786"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=7785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=7785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=7785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}