Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company’s operations and taking down online services.
EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities. The company generated over $25 billion in revenue in 2022 and is owned by the Colombian Municipality of Medellin.
On Tuesday, the company told approximately 4,000 employees to work from home, with IT infrastructure down and the company’s websites no longer available.
EPM disclosed to local media that they were responding to a cybersecurity incident and provided alternative methods for customers to pay for services.
The Prosecutor’s Office later confirmed to EL COLOMBIANO that ransomware was behind the attack on EPM that caused devices to be encrypted and data to be stolen.
However, the ransomware operation behind the attack was not disclosed.