The next front in ransomware

Hi it’s Ryan in Edinburgh. A ransomware gang has developed a devious new method to turn the screws on its victims. But first...Today’s must- [View in browser]( [Bloomberg]( Hi it’s Ryan in Edinburgh. A ransomware gang has developed a devious new method to turn the screws on its victims. But first... Today’s must-reads: - Bill Gates was [part of a secret push]( to save President Biden’s climate bill - Amazon [accuses]( the FTC of harassing Jeff Bezos in probe - Ratan Tata, 84, backs a startup to[stave off senior loneliness]( Hackers maximize embarrassment A ransomware group known as Black Cat is waging an aggressive campaign against scores of companies in the US and Europe, adopting a novel technique to pressure victims into paying expensive extortion fees. Ransomware groups typically used to just encrypt a victim’s files and demand a payment to unlock them. Then many of them began stealing files, too, threatening to post the data unless they were paid an additional fee. But often the stolen data was difficult to access. Black Cat has attempted to solve the issue. In June, the group began making stolen data searchable on its website. The result is that victim data is easier to view online, which maximizes the reputational damage that a company could face and gives the hackers more leverage as they seek to extort a large payout. Cybersecurity researchers at Unit 42, a cybersecurity team at Palo Alto Networks, have linked Black Cat’s members to Russia, pointing out that the group communicates to its members or affiliates in the Russian-language and is known to operate on Russian cybercrime forums. The group, also known as ALPHV, seems to have a particular affinity for attacking energy companies. Late last month, for instance, the gang targeted a Luxembourg-based gas and energy provider, Creos Luxembourg, and its parent company Encevo SA. The intruders broke into the company’s computers and encrypted files stored on them, then demanded a payment to unlock the information. Encevo refused to pay any money to the group, according to a company spokesman. Subsequently, the hackers dumped more than 100 gigabytes of corporate data — including emails and internal reports — on the dark web. The hack disrupted customer access to some of Encevo’s and Creos’ websites but didn’t affect gas and electricity supplies, according to the spokesman. Nevertheless, the incident again highlighted the danger that ransomware hackers pose to the energy sector. The group behind Black Cat has previously targeted other energy suppliers. In February, hackers affiliated with Black Cat infected computers at Mabanaft GmbH and Oiltanking GmbH. The gang also has links to a group named DarkSide, which last year breached Colonial Pipeline Co., according to Brett Callow, a threat analyst at the cybersecurity firm Emsisoft. Callow said Black Cat's targeting of energy companies is particularly alarming, as it’s possible for such attacks to disrupt supplies of electricity or gas.  The DarkSide hack, for instance, shut down the largest gasoline pipeline in the U.S. for several days. The hackers, he said, aren’t always in a position to know the impact of the attack — nor do they seem to care. In the case of the attack on the Luxembourg energy provider Creos, “the concerning aspect here is that Black Cat would have had no clue whether this attack would disrupt supply,” said Callow. “They wouldn’t have understood the full technical implications of what they were doing, but they did it anyway.” In May, Rob Joyce, the National Security Agency’s cybersecurity director, said US sanctions against Russia had made it harder for hacking gangs operating in the country to move money and buy computer infrastructure. Lately, however, Black Cat has “been operating like business as usual,” according to Doel Santos, a threat intelligence analyst for Unit 42 at Palo Alto Networks. In July, Santos said, Black Cat was identifying nearly one victim a day on its dark web page. —[Ryan Gallagher](mailto:rgallagher76@bloomberg.net) The big story Big Tech has been helping Big Oil pump more fuel, despite pledging to cut their own emissions. Microsoft, Amazon and other cloud-service companies [are increasingly responsible]( for the computing horsepower behind oil giants’ efforts to find and extract more oil and natural gas. What else you need to know Amazon’s labor union is planning to file [for another election near Albany](. Tencent’s biggest investees plummeted after reports that the social media giant intends to sell all or much of stake in [food delivery giant Meituan]( to appease Beijing. The three largest US publicly traded Bitcoin mining companies [lost more]( than $1 billion in the second quarter. SPAC king Chamath Palihapitiya has been [quiet lately](. Bloomberg TV talks with a tech CEO about Andreessen Horowitz’s Adam Neumann bet: “[I don’t know how you justify that](.” Join Bloomberg Live in London for the [Bloomberg Technology Summit]( on Sept. 28 to see Europe’s business leaders, policy makers, entrepreneurs and investors explain how they’re adapting to this new environment—and discuss solution-based strategies. Follow Us More from Bloomberg Dig gadgets or video games? [Sign up for Power On]( to get Apple scoops, consumer tech news and more in your inbox on Sundays. [Sign up for Game On]( to go deep inside the video game business, delivered on Fridays. Why not try both? Like getting this newsletter? [Subscribe to Bloomberg.com]( for unlimited access to trusted, data-driven journalism and subscriber-only insights.​​​​​​​ You received this message because you are subscribed to Bloomberg's Fully Charged newsletter. If a friend forwarded you this message, [sign up here]( to get it in your inbox. [Unsubscribe]( [Bloomberg.com]( [Contact Us]( Bloomberg L.P. 731 Lexington Avenue, New York, NY 10022 [Ads Powered By Liveintent]( [Ad Choices](