



On the second day of Christmas, a ransomware attack targeted Oltenia Energy Complex (Complexul Energetic Oltenia), Romania’s largest coal-based energy provider, disrupting its IT infrastructure.
This energy company, operating for 40 years, employs more than 19,000 individuals. It runs four power plants with a total production capacity of 3900 MWh, contributing approximately 30% of the nation’s electricity supply.
“As a result of the attack, several documents and files were encrypted, prompting temporary unavailability of multiple computer applications, including ERP systems, document management tools, email services, and the company website,” it revealed over the weekend.
“The incident partially affected our operations but did not compromise the function of the National Energy System. Complexul Energetic Oltenia is actively cooperating with the relevant authorities and is striving to restore its IT systems to full functionality as soon as possible.”
Immediately after detecting the attack, the IT teams commenced rebuilding the affected systems using new infrastructure and existing backups.
The company is currently assessing the overall impact and investigating whether the attackers accessed any sensitive data from the compromised systems.
The incident has been reported to the National Cyber Security Directorate, the Ministry of Energy, and other pertinent authorities, alongside a criminal complaint to DIICOT (Directorate for Investigating Organized Crime and Terrorism), which handles cybercrime investigations.
The Gentlemen ransomware group emerged in August, using compromised credentials to exploit Internet-exposed services for initial access to victims’ networks. The gang typically leaves ransom notes named README-GENTLEMEN.txt and appends the .7mtzhh extension to the files it encrypts.
Since its inception, this ransomware operation has listed nearly forty victims on its Tor data leak site. However, Oltenia Energy Complex is not yet listed, likely due to ongoing ransom negotiations.
This incident follows a recent ransomware attack on Romanian Waters (Administrația Națională Apele Române), which occurred two weeks prior. That attack impacted around 1,000 computer systems and affected 10 out of 11 regional offices.
Nonetheless, officials stated that the operations of the national water authority were not disrupted, as they rely on dispatch centres with telephone and radio communication systems.
These aren’t isolated incidents; numerous major ransomware attacks have struck Romanian entities in recent years.
A year ago, Electrica Group, a prominent Romanian electricity supplier, was also hit by the Lynx ransomware gang, while over 100 hospitals across Romania were forced to take their systems offline following a Backmydata ransomware attack in February 2024.