ALPHV blackmails Canadian pipeline after 'stealing 190GB of vital info'
Gang still going after critical infrastructure because it's, you know, critical
Updated: Canada's Trans-Northern Pipelines has allegedly been infiltrated by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.
ALPHV added Trans-Northern to its blackmail site on Tuesday and said the purloined files include "all important information." Presumably the crew wants money or it'll leak that data.
The oil and gas concern, which operates about 528 miles (850 kilometers) of pipeline in Ontario and Quebec, and nearly 200 miles (320 kilometers) of pipeline in Alberta, had no immediate response to The Register's inquiries.
We can't help but be reminded of the 2021 Colonial Pipeline ransomware infection. In that particular case, in which backend IT systems were attacked, oil execs decided to shut off the pipeline, leading to fuel shortages, long queues and some fisticuffs at the pumps on the US East Coast.
Plus, as Emsisoft threat analyst Brett Callow noted on social media, "ALPHV is linked to BlackMatter which was linked to Darkside which was the #ransomware operation responsible for the attack on Colonial Pipeline."
Trans-Northern is the fourth critical infrastructure org that ALPHV has claimed in the past few days to have compromised over the past few months.
The ransomware gang said it was responsible for the Lower Valley Energy "cybersecurity incident" in late December. The US utility cooperative in northwest Wyoming and southeastern Idaho provides energy services to Yellowstone National Park.
ALPHV also claimed it broke into Spanish electricity provider SerCide in December and Canada's Rush Energy.
"Governments need to quickly come up with ways to better secure critical infrastructure as, if they do not, it's only a matter of time before a significant, if not catastrophic, attack takes place," Callow said.
ALPHV's extortion claims come as governments are warning about the potential of destructive cyber attacks on critical infrastructure.
This includes China's Volt Typhoon, which compromised "multiple" IT environments across communications, energy, transportation, water, and wastewater processing sectors in the United States, according to American government agencies.
The Beijing-backed cyberspies, however, also pose a risk to the UK as well as Canadian, Australian and New Zealand energy systems, according to last week's Five Eyes' warning. ®
Updated to add
A spokesperson for Trans-Northern got back to us shortly after publication to confirm the biz "experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems," and it's probing the latest boasts by the ransomware gang.
"We have worked with third-party cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems. We are aware of posts on the dark web claiming to contain company information, and we are investigating those claims," the rep told The Register.