Romania’s Oltenia Energy Complex Suffers Major Ransomware Attack
On December 26, 2025, Romania’s Oltenia Energy Complex, the country’s largest coal-based power producer, experienced a significant ransomware attack that led to the disruption of its IT systems. This incident is a stark reminder of the vulnerabilities faced by critical infrastructure sectors, particularly in the energy domain.
Overview of Oltenia Energy Complex
The Oltenia Energy Complex (CE Oltenia) is a vital player in Romania’s energy landscape. Controlled by the state, it manages 12 operational units with a combined capacity of 3,570 MW across several power plants located in Rovinari, Turceni, and Craiova. In addition to being the primary producer of coal-fired energy, CE Oltenia operates 15 open-pit mines, yielding approximately 15 to 18 million tons of lignite annually.
The company employs around 10,000 workers and serves a wide array of customers in both wholesale and retail electricity markets. Despite a workforce reduction from 15,000, CE Oltenia reported revenue of approximately €940 million in 2017, showing profitability amid ongoing restructuring efforts. As the European Union pushes for a green transition, CE Oltenia is investing €1.4 billion in renewable energy projects, including solar and gas, while ensuring baseload security.
Details of the Cyber Attack
The ransomware attack was identified at around 01:40 AM on December 26 and was characterized as a “Gentlemen ransomware” incident. The attack encrypted crucial documents and disrupted critical IT systems, including ERP (Enterprise Resource Planning), email, and the corporate website. While operations were partially impacted, CE Oltenia gave assurances that the national energy supply remained secure throughout the ordeal.
Following the detection of the attack, the company quickly took measures to isolate the affected systems. Notifications were sent to the relevant authorities, including the National Directorate of Cyber Security and the Ministry of Energy.
Restoration Efforts
In response to the attack, CE Oltenia’s IT teams initiated restoration efforts to recover services from backups stored on new infrastructure. The investigation is still ongoing to assess how extensive the breach is and whether any data was compromised during the incident. A public statement from the company noted that while some files were encrypted and applications became temporarily unavailable, the functioning of the National Energy System remained intact.
Legal Actions and Investigations
The company has taken proactive steps by filing a criminal complaint with DIICOT (Directorate for Investigating Organized Crime and Terrorism) to investigate the attack further. At this stage, the Gentlemen ransomware group has not yet posted the breach on its Tor data leak site, indicating that negotiations may be ongoing.
Context of Cyber Threats in Romania
This attack on CE Oltenia does not stand alone; it comes in the wake of a similar incident involving Romanian Waters (Administrația Națională Apele Române), the nation’s water management authority. That incident affected around 1,000 computer systems across regional offices, although operational technology systems managing water infrastructure were reported to be unaffected, allowing water services to continue normally.
Experts investigating the Romanian Waters attack confirmed that threat actors employed Windows BitLocker to encrypt systems and issued a ransom note demanding contact within seven days. However, the exact attack vector remains unidentified.
Broader Implications
The ransomware attack on Oltenia Energy Complex underscores the increasing challenges faced by critical infrastructure globally. With the ongoing digital transformation, energy companies must strengthen their cybersecurity measures to mitigate risks associated with such attacks. As these incidents become more frequent and sophisticated, the necessity for robust IT security frameworks and swift incident response plans becomes paramount.
The events surrounding CE Oltenia serve as a vital case study for other organizations in the energy sector, highlighting the critical need for vigilance and readiness in the face of cyber threats.