Article Details
Scrape Timestamp (UTC): 2024-02-13 19:24:18.013
Source: https://www.theregister.com/2024/02/13/alphv_canadian_pipeline/
Original Article Text
ALPHV blackmails Canadian pipeline over claims it stole 190GB of vital info.
Gang going after critical infrastructure because it's...you know.
Canada's Trans-Northern Pipelines has allegedly been breached by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.
ALPHV added Trans-Northern to its blackmail site on Tuesday and said the purloined files include "all important information."
The oil and gas concern, which operates about 528 miles (850 kilometers) of pipeline in Ontario and Quebec, and nearly 200 miles (320 kilometers) of pipeline in Alberta, did not immediately respond to The Register's inquiries.
The criminals' claims, however, immediately drew parallels to the 2021 Colonial Pipeline ransomware attack — and not only because of the major fuel-supply target. In response to that Colonial intrusion, which targeted the backend IT system, the oil execs decided to shut off the pipeline, leading to fuel shortages and general chaos on the US East Coast.
Plus, as Emsisoft threat analyst Brett Callow noted on social media, "Alphv is linked to BlackMatter which was linked to Darkside which was the #ransomware operation responsible for the attack on Colonial Pipeline."
Trans-Northern is the fourth critical infrastructure org that Alphv has claimed, in the last two days, to have compromised over the past few months. The ransomware gang said it was responsible for the Lower Valley Energy "cybersecurity incident" in late December. The US utility cooperative in northwest Wyoming and southeastern Idaho provides energy services to Yellowstone National Park. Alphv also claimed it broke into Spanish electricity provider SerCide in December and Canada's Rush Energy.
"Governments need to quickly come up with ways to better secure critical infrastructure as, if they do not, it's only a matter of time before a significant, if not catastrophic, attack takes place," Callow said.
ALPHV's extortion claims come as governments are warning about the potential of destructive cyber attacks on critical infrastructure. This includes China's Volt Typhoon, which compromised "multiple" IT environments across communications, energy, transportation, water, and wastewater processing sectors in the United States, according to American government agencies. The Beijing-backed cyberspies, however, also pose a risk to the UK as well as Canadian, Australian and New Zealand energy systems, according to last week's Five Eyes' warning.
Daily Brief Summary
Trans-Northern Pipelines, a Canadian pipeline operator, has reportedly been compromised by the ALPHV/BlackCat ransomware group, with 190GB of data claimed to be stolen.
ALPHV, also connected to previous ransomware entities responsible for significant attacks like the one on Colonial Pipeline, is targeting critical infrastructure.
Despite the claims made on ALPHV's site, Trans-Northern has not officially confirmed the breach and has yet to make a public response.
This incident raises concerns about the security of vital energy infrastructure, drawing attention to the potential consequences of such breaches.
The ALPHV ransomware gang has targeted multiple critical infrastructure organizations recently, including a US utility cooperative and energy providers in Spain and Canada.
International cybersecurity expert Brett Callow emphasizes the urgent need for improved security measures to protect critical infrastructure from these types of attacks.
The threat from cyber actors like China's Volt Typhoon heightens the risk to infrastructure in various sectors and stresses the importance of the Five Eyes' recent warnings.