A cybercriminal group publishes stolen data

LockBit, a cybercriminal group, published data stolen from Deutsche Energie-Agentur GmbH (dena) on the dark web.

Berlin, Germany, 9 February 2024. LockBit published data stolen from dena on the dark web, following a cyberattack of the company on 13 November 2023. An initial review of these stolen data records was performed, and dena then informed those affected by the publication which of their data may be affected. dena is in close contact with the German Federal Ministry for Economic Affairs and Climate Action (Bundesministerium für Wirtschaft und Klimaschutz, or BMWK) as shareholder representative and other national authorities. dena called in various service providers to analyse the incident and set up protective mechanisms.

Background and course of events: dena was the victim of a ransomware attack on 13 November 2023. As a precautionary measure, all dena servers were shut down immediately. A press release was issued on 14 November 2023 to inform the public of the attack. It was also communicated via the dena website. The national authorities were informed beforehand and criminal charges were filed. All dena business contacts were informed of the data theft by email and via the website once dena regained access to its contact databases and had set up a new email solution in order to send emails again.

The ransomware group BlackCat has claimed responsibility for the attack on dena. BlackCat always follows the same pattern and threatens to publish data if its ransom demands are not met. The cybercriminal group listed dena as a blackmailed company on its website and announced that it would publish data after around three weeks. A short time later, BlackCat’s websites were no longer accessible. An international group of investigators, led by US authorities, paralysed the hackers at the beginning of December. Instead, another cybercriminal group (LockBit) appeared shortly afterwards with the announcement that it was in possession of the stolen dena data and would publish it.  The ultimatum issued initially passed without any further action.

Please also note our data protection notice.