Romania’s Oltenia Energy Complex reports a serious ransomware breach

Authorities in Romania are investigating a ransomware incident at the Oltenia Energy Complex after hackers encrypted company files and disabled major IT services over the Christmas period.
Romania’s largest coal-based power producer, the Oltenia Energy Complex, has confirmed a ransomware attack that encrypted key IT systems while national energy operations reportedly remained secure.

A ransomware attack has disrupted the Oltenia Energy Complex, Romania’s largest coal-based power producer, after hackers encrypted key IT systems in the early hours of 26 December.

The state-controlled company confirmed that the Gentlemen ransomware strain locked corporate files and disabled core services, including ERP platforms, document management tools, email and the official website.

The organisation isolated affected infrastructure and began restoring services from backups on new systems instead of paying a ransom. Operations were only partially impacted and officials stressed that the national energy system remained secure, despite the disruption across business networks.

A criminal complaint has been filed. Additionally, both the National Directorate of Cyber Security of Romania and the Ministry of Energy have been notified.

Investigators are still assessing the scale of the breach and whether sensitive data was exfiltrated before encryption. The Gentlemen ransomware group has not yet listed the energy firm on its dark-web leak site, a sign that negotiations may still be underway.

An attack that follows a separate ransomware incident that recently hit Romania’s national water authority, underlining the rising pressure on critical infrastructure organisations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!