Romania's largest coal-based energy producer, Oltenia Energy Complex, suffered a significant ransomware attack during the Christmas holiday that disabled its IT infrastructure and encrypted critical administrative files. While the breach disrupted internal systems like email and document management, the company confirmed that national power generation remained stable as it works with cybersecurity authorities to restore operations from backups.
The Oltenia Energy Complex, a vital pillar of the Romanian power grid that supplies nearly a third of the country's electricity, discovered the cyberattack on the second day of Christmas. The breach targeted the IT infrastructure of the forty-year-old utility provider, which manages four major power plants and employs thousands of workers. Upon detection, the company’s technical teams immediately began rebuilding systems on new infrastructure from existing backups.
The impact of the intrusion was primarily felt across the company’s digital applications, including its enterprise resource planning systems and internal communications. Although the corporate website and email services were taken offline, officials emphasized that the physical operation of the power plants was never in jeopardy. This separation between administrative IT and operational technology ensured that the National Energy System continued to function without interruption despite the internal chaos.
Investigations into the incident involve several high-level government agencies, including the National Cyber Security Directorate and the Ministry of Energy. A formal criminal complaint has also been filed with the Directorate for Investigating Organized Crime and Terrorism to track the perpetrators. Experts are currently analyzing the extent of the breach to determine if sensitive data was exfiltrated before the encryption process began, a common tactic used by modern extortion groups.
The attack has been attributed to the Gentlemen ransomware group, a relatively new threat actor that has been active since late summer. This group typically gains entry to networks through compromised credentials or exposed internet services and marks encrypted files with a specific extension. While the group maintains a leak site to pressure its victims, the energy company has not yet been listed, suggesting that a period of negotiation or evaluation may still be ongoing.
This security breach is the latest in a series of high-profile cyberattacks targeting critical Romanian infrastructure and public services. In recent months and years, the country’s water management authority, major electricity distributors, and over one hundred hospitals have all faced similar digital threats. These recurring incidents highlight an escalating trend of ransomware activity directed at essential services within the region, prompting increased urgency for improved defensive measures.
Source: Romanian Energy Provider Hit By Gentlemen Ransomware Attack Impacting Operations



