August 5, 2021

Italian energy company ERG has reported “only a few minor disruptions” to its information and communications technology (ICT) infrastructure after a ransomware attack on its systems.

While the Italian renewable energy company called the incident a hacker attack, La Repubblica reported that the hack was committed by the LockBit 2.0 ransomware group.

The LockBit ransomware gang started operations in September 2019 and launched the LockBit 2.0 ransomware-as-a-service in June 2021.

The company stated that all plants are operating smoothly and have not experienced any downtime, ensuring uninterrupted operation.

ERG is the leading Italian wind energy operator and is one of the ten largest onshore operators in Europe with growing activities in France, Germany, Poland, Romania, Bulgaria and the United Kingdom.

It is active in the fields of wind energy, hydropower, solar energy and high-yield thermoelectric combined heat and power.

On Monday, Enel, Europe’s largest energy supplier, agreed to acquire ERG’s hydropower portfolio in a €1 billion euro deal.

In addition, the Italian region of Lazio suffered a probable RansomEXX ransomware attack that has compromised the region’s IT systems, including the health portal Salute Lazio, which is used for the COVID-19 vaccine registration.

The gang RansomEXX, the main suspect behind the Lazio attack, began operating as Defray in 2018. In June 2020, it was renamed RansomEXX and began targeting multinationals.

As soon as RansomEXX attackers break through a victim’s network, they spread sideways through the network and steal sensitive files that are used for extortion purposes.

For more information, read the original story in BleepingComputer.