Romanian energy provider hit by Gentlemen ransomware attack

A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania’s largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure.

The 40-year-old Romanian energy provider employs over 19,000 people, operates four power plants with an installed production capacity of 3900 MWh, and provides about 30% of Romania’s electricity.

“As a result of the attack, some documents and files were encrypted, and several computer applications became temporarily unavailable, including ERP systems, document management applications, the company’s email service, and website,” it said over the weekend.

“The company’s activity was partially affected, without jeopardizing the operation of the National Energy System. Complexul Energetic Oltenia is cooperating with the competent authorities and making every effort to fully restore its IT systems as quickly as possible.”

As soon as the attack was detected, its IT teams started rebuilding the affected systems on a new infrastructure, using existing backups.

At the moment, the company is still assessing the impact of the incident and analyzing whether the attackers stole data from compromised systems before they were encrypted.

The incident was reported to the National Cyber Security Directorate, the Ministry of Energy, and other relevant authorities, and the company also filed a criminal complaint with DIICOT (Directorate for Investigating Organized Crime and Terrorism), a law enforcement agency tasked with investigating and prosecuting cybercrime offenses.

The Gentlemen ransomware operation surfaced in August and is known for using compromised credentials and targeting Internet-exposed services to gain initial access to victims’ networks. The ransomware gang also deploys README-GENTLEMEN.txt ransom notes with contact information and encrypts documents using the .7mtzhh file extension.

Since it emerged, the Gentlemen ransomware group has added almost four dozen victims to its Tor data leak site. However, it has yet to add Oltenia Energy Complex, likely because they’re still negotiating a ransom.

This incident comes on the heels of another ransomware attack that hit Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, two weeks ago, impacting approximately 1,000 computer systems and 10 of its 11 regional offices.

However, officials said the national water authority’s operations were unaffected by the incident as they are carried out through dispatch centres using telephone and radio communication channels.

These are not the only major ransomware attacks that have hit Romanian companies and organizations in recent years.

One year ago, Electrica Group (a major Romanian electricity supplier and distributor) was also breached by the Lynx ransomware gang, while over 100 hospitals across Romania had to take their systems offline after a Backmydata ransomware attack took down their healthcare management systems in February 2024.
