Colombia’s largest public energy, water, and gas provider Empresas Públicas de Medellín (EPM) hit by BlackCat ransomware attack.
Colombia’s largest public energy, water, and gas provider Empresas Públicas de Medellín (EPM) hit by BlackCat ransomware attack got disrupted the company’s operations and taking down online services. The EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities. The company generated over $25 billion in revenue in 2022 and is owned by the Colombian Municipality of Medellin.
The company representative told approximately 4,000 employees to work from home, with IT infrastructure down and the company’s websites no longer available.
EPM disclosed to local media that they were responding to a cybersecurity incident and provided alternative methods for customers to pay for services.
The Prosecutor’s Office later confirmed to EL COLOMBIANO that ransomware was behind the attack on EPM that caused devices to be encrypted and data to be stolen.However, the ransomware operation behind the attack was not disclosed.
The security researcher Dr Zakir Hussain mentioned that the Manufacturing industries with the highest number of attack attempts in terms of infected machines for the BlackCat ransomware.
Recently BlackCat’s attacks have been detected in multiple locations globally, but organizations based in the US lead the victim count, followed by some in Europe and Asia-Pacific.
He said, BlackCat (aka AlphaVM, AlphaV, or ALPHV) swiftly gained notoriety for being the first major professional ransomware family to be written in Rust, a cross-platform language that enables malicious actors to customize malware with ease for different operating systems like Windows and Linux, thus affording a wide range of enterprise environments. in many cases, BlackCat use the Emotet botnet to deploy its ransomware payload. Blackcat has a history of A massive attack on German oil companies in 2022, Italian energy agency
According to the Federal Bureau of Investigation’s (FBI) advisory published on April 19, 2022, several developers and money launderers for BlackCat have links to two defunct ransomware-as-a-service (RaaS) groups – DarkSide and BlackMatter – suggesting that they have been leveraging established networks and extensive experience in the RaaS business.