Romanian Energy Producer Electrica Suffers Ransomware Attack

Electrica Group, a leading electricity distributor and supplier in Romania, is responding to a ransomware attack that remains "in progress."  

Serving over 3.8 million customers nationwide, Electrica provides electricity distribution, maintenance, and energy services across Transilvania and Muntenia, Bleeping Computer reports.

Established in 1998 as part of the National Electricity Company (CONEL) and becoming independent in 2000, Electrica has been listed on the Bucharest and London stock exchanges since 2014.

On Monday, Electrica informed investors of the cyberattack and announced its collaboration with national cybersecurity authorities to investigate. CEO Alexandru Aurelian Chirita assured that the company’s critical systems, including SCADA systems used for network control and monitoring, remain unaffected.  

He attributed any service disruptions to protective measures taken to safeguard the company’s internal infrastructure. Chirita emphasized that these measures are temporary and prioritize securing operations, consumer data, and system continuity.

The Romanian Ministry of Energy confirmed the ransomware attack but highlighted that it did not compromise Electrica's operational systems.  

The company has not disclosed further details about the incident but continues to focus on maintaining uninterrupted electricity distribution and protecting sensitive data. The investigation is ongoing, with a focus on mitigating the attack's impact and ensuring long-term system security.

Takeaway: The ransomware attack on Electrica Group is part of a growing pattern of cyber assaults targeting energy providers globally.  

Just last week, Costa Rica’s state-owned energy company, RECOPE, faced a ransomware attack that forced it to switch to manual operations and extend work hours to maintain fuel distribution.  

Similarly, Schneider Electric recently reported a ransomware breach involving the theft of 40 GB of sensitive data, and ENGlobal Corporation of Texas disclosed a ransomware incident in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).

These incidents underscore the evolving nature of ransomware attacks, which increasingly include data exfiltration.  

Stolen data such as technical blueprints, system configurations, and operational protocols can enable attackers to craft precision attacks on energy infrastructure, disrupting services and endangering national security.  

Energy providers are particularly vulnerable as they manage critical systems powering homes, businesses, hospitals, and even military facilities.

Such breaches carry profound risks. Exfiltrated data can expose vulnerabilities in operational technology (OT) systems, potentially allowing attackers to sabotage power grids, disrupt energy supply chains, or cripple regional economies.  

The cascading effects can destabilize national infrastructure, compromise public safety, and erode trust in essential services.

Recent breaches, like those at Schneider Electric and ENGlobal, highlight the severity of this trend. Cybercriminals now use advanced tools like zero-day exploits, ransomware-as-a-service platforms, and cross-platform malware to infiltrate and disrupt critical sectors.  

As ransomware evolves into a multi-billion-dollar enterprise, the stakes for energy providers—and national security—continue to rise. Governments worldwide should recognize these attacks as national security threats and intensify their counter-ransomware efforts.

‍

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.