Ohio’s largest oil producer says ‘no impact’ seen after cyberattack

Encino Energy, one of the largest private natural gas and oil producers in the U.S., said it has investigated and remediated a recent cyberattack.

The Houston-based company had not publicly acknowledged the incident until contacted by The Record. Evidence of an attack surfaced on the dark web earlier this week when the ALPHV ransomware group added the company to its data leak site.

Encino Energy spokesperson Jackie Stewart would not say if the cyberattack was a ransomware incident, if the company paid a ransom or if it had examined the 400GB of data on ALPHV's site. The post by the cybercrime group does not mention a dollar figure or a deadline for payment.

“Encino Energy was previously aware of unauthorized activity, investigated the action, and remediated the issue,” Stewart said.

The company, which is the largest oil producer in Ohio, did not say when the attack occurred.

“There was no impact to our operations, and we continue to operate business as usual,” Stewart said.

ALPHV, also known as BlackCat, is a rebrand of the prolific BlackMatter ransomware group, which itself was allegedly a rebrand of the DarkSide ransomware — a gang accused of launching the headline-grabbing attack on Colonial Pipeline in 2021.

The alleged Encino Energy leak on ALPHV's website. Image: FalconFeedsio

Stewart did not respond to questions about whether the incident was reported to federal authorities — as mandated by directives handed down by the Transportation Security Administration in 2021.

The attack on Encino Energy would be the latest on an oil and gas producer by ALPHV, which was previously implicated in an incident involving two energy companies based in Luxembourg.

An internal report from Germany’s Federal Office for Information Security said the ALPHV ransomware group was behind a February 2022 cyberattack on oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls.

The attack crippled their loading and unloading systems, and Oiltanking said it “declared force majeure” due to the attacks. Energy giant Shell was forced to reroute oil supplies to other depots, and German newspaper Handelsblatt said 233 gas stations across Germany had to run some processes manually because of the attack.

In 2022, incident response firm Dragos said it responded to 21 cyberattacks on oil and gas companies while also noting that ALPHV had the fourth-most ransomware attacks on the industrial sector as a whole last year.

There has already been a major ransomware attack on an energy supplier this year, with Canada’s Qulliq Energy Corporation dealing with an incident in January that brought down its payment systems.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.