STOCKHOLM/MILAN - Hacking group BlackCat was behind a recent attack on Italy's state-owned energy services firm GSE, stole a massive amount of data and threatened to publish if their demands were not met, according to security researchers and documents seen by Reuters.

In a ransomware attack, hackers steal data and threaten their victims with data leaks, often extorting them for a crypto currency payment.

BlackCat, also known as ALPHV, emerged in mid-November last year and is known for launching sophisticated attacks on scores of companies across the U.S. and Europe.

On Friday it claimed to have downloaded 700 gigabytes of data from GSE, including information on projects, contracts and accounting, and uploaded images of documents from the hack.

"BlackCat has a history of targeting organizations in the energy industry and is very active," said Ryan Olson, vice president of threat intelligence at Unit 42, a division of cybersecurity firm Palo Alto Networks.

"We are tracking 136 worldwide victims posted to their leak site so far in 2022," he told Reuters.

GSE declined to comment. It had said earlier that the hacking attack took place between Sunday and Monday.

The average recovery cost from a ransomware attack is estimated at $1.85 million, said Walter Ruffinoni, CEO of NTT Data Italia.

"In Italy, the phenomenon have risen 350% in the last year, where 1.9% of Italian companies each week suffered an attack of this type," Ruffinoni said.

Last month Italian oil company Eni's computer networks were also hacked, though the company said the consequences appear to be minor so far.

On a dark web site, BlackCat posted 12 victims in June, 26 victims in July and so far two victims in August, Olson said.

(Reporting by Supantha Mukherjee in Stockholm and Elvira Pollina in Milan Additional reporting by Francesco Zecchini Editing by Peter Graff)