Romanian energy supplier Electrica Group is facing a ransomware attack

Romanian energy supplier Electrica Group is investigating an ongoing ransomware attack impacting its operations.

Romanian energy supplier Electrica Group suffered a cyber attack that is impacting its operations. The company assured investors that the attack hadn’t affected its critical systems, but temporary disruptions in customer services might occur due to enhanced security protocols. These measures aim to safeguard operational and personal data.

Electrica is activating internal cybersecurity protocols and collaborating with national cybersecurity authorities to identify the source of the attack and contain its impact.

Electrica is a public company, listed on the Bucharest and London stock exchanges. Electrica is the only listed Romanian company in the field of electricity distribution and supply in Romania. Electrica Group is a key player in the electricity distribution and supply market in Romania, as well as one of the most important players in the energy services sector in the country.

Electrica Group was established in 1998 as a division of CONEL, Romania’s largest electricity distribution company, and became independent in 2000 after CONEL’s restructuring.

The main activities of the Group are the distribution and supply of electricity to final customers.

The company serves over 3.8 million customers and is listed on the Bucharest and London stock exchanges

Early this week, the energy supplier published a note to notify investors of the ongoing cyber attack.

“Electrica Group is under a cyber attack. The teams of specialists are working closely with the national cybersecurity authorities to manage and resolve the incident, aiming to address the situation as quickly as possible, identify the source of the attack, and limit its impact.” reads the note. “We want to emphasize that the Group’s critical systems have not been affected, and any disruptions in interaction with our consumers are the result of protective measures for internal infrastructure. These measures are temporary and are designed to ensure the security of the entire system. At this time, all specific response protocols have already been activated in accordance with internal procedures and current regulations. Our primary priority remains maintaining continuity in the distribution and supply of electricity, as well as protecting the managed personal data and the operational data of all entities within Electrica Group.”

Electrica Group advised customers to stay vigilant against potential phishing attempts and suspicious communications claiming to be from Electrica.

The company did not disclose details of the cyberattack, however, Romania’s Ministry of Energy confirmed that the company was the victim of a ransomware attack that hasn’t impacted the company’s SCADA systems.

“Initial investigations show that it was a ransomware attack. The network equipment has been removed and is not affected,” Energy Minister Sebastian Burduja said. “The SCADA systems of Distributie Electric Power Romania are fully functional and insulated, and our technical teams, together with our security partners, are already on the ground to eliminate any risk.”

Intelligence analysts believe the attack was launched by pro-Russian groups as retaliation for Romania’s annulment of its presidential election over alleged Russian interference.

Romania ‘s Intelligence Service revealed that over 85,000 cyberattacks targeted the country’s election systems.

Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days before the presidential election.

“The intelligence service also said access data for official Romanian election websites was published on Russian cyber crime platforms. The access data was probably procured by targeting legitimate users or by exploiting the legitimate training server, the agency said.” states Reuters. “It added that it had identified over 85,000 cyber attacks which aimed to exploit system vulnerabilities.”

Moscow has denied any attacks on the Romanian electoral systems.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Romania)