Ransomware and Data Exfiltration Attacks Put Energy Sector at Risk

Published on December 3, 2024

In a recent regulatory filing with the U.S. Securities and Exchange Commission (SEC), ENGlobal Corporation disclosed details of a cybersecurity attack discovered on November 25, which prompted the company to take certain systems offline to mitigate the threat.

Headquartered in Houston, Texas, ENGlobal provides engineering and professional services, primarily to energy sector organizations and U.S. government agencies.

“The preliminary investigation has revealed that a threat actor illegally accessed the company’s information technology (IT) system and encrypted some of its data files,” SecurityWeek reports the company stated.

Following the discovery, ENGlobal swiftly initiated containment measures, launched an internal investigation, engaged external cybersecurity experts, and restricted access to its IT systems.

Access to essential business operations remains available while recovery efforts are underway. However, ENGlobal admitted: “The company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the company’s financial condition or results of operations.”

The filing did not specify whether sensitive data was exfiltrated or provide details on the ransomware used in the attack. ENGlobal also indicated that the timeline for fully restoring IT systems remains uncertain.

This incident highlights the vulnerability of critical service providers to cyberattacks. ENGlobal specializes in automated control systems for various sectors, including energy, municipalities, hospitals, and commercial buildings, making robust cybersecurity measures a priority.  

While the company continues to assess the full scope of the breach, it assured stakeholders that measures were in place to address and remediate the situation.

Takeaway: The attack on ENGlobal Corporation, and the recent confirmation by Schneider Electric of a ransomware attack that resulted in the breach of 40 GB of sensitive data, highlight a growing national security concern: the cascading risks posed by cyberattacks on critical suppliers to the energy sector.  

In the world of energy and automation, the theft of sensitive supplier data is more than a corporate issue—it has potential ramifications for national energy security and economic stability.

Ransomware attacks are increasingly accompanied by data exfiltration, and for good reason, as the stolen information can serve as a potent weapon in follow-up operations.  

Attackers can analyze technical blueprints, system configurations, operational protocols, or even customer-specific details to craft precision attacks on downstream targets, such as energy producers.  

These entities manage infrastructure that powers homes, businesses, hospitals, and military facilities. A well-coordinated cyber assault leveraging stolen data could lead to service disruptions, safety risks, or even long-term supply chain destabilization.

In the U.S., energy production and distribution systems are designated as critical infrastructure, meaning disruptions to these systems can have far-reaching effects on national security.  

For example, if attackers use exfiltrated data to identify vulnerabilities in energy producers' operational technology (OT) systems, they could exploit these weaknesses to disrupt power grids or sabotage energy facilities.  

Such actions could incapacitate entire regions, cripple economic activity, and even undermine public trust in the nation’s ability to maintain essential services.

The Schneider Electric breach illustrates how high-value data theft can fuel cascading attacks. If similar data was exfiltrated in ENGlobal’s case, adversaries could develop detailed knowledge of the supply chains, engineering designs, or automation systems vital to energy production and infrastructure.  

This intelligence could enable not only ransomware campaigns but also targeted strikes designed to cripple the energy sector and destabilize the entire nation. Given the stakes, incidents like these are not merely corporate crises—they are national security events.  

A failure to act decisively could leave critical systems exposed to adversaries with the capability and intent to disrupt the nation’s energy lifelines.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.
