Romanian energy supplier Electrica hit by ransomware attack
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today.
The company serves over 3.8 million users with nationwide coverage for electricity supply, maintenance, and energy services, distributing electricity to customers across Transilvania and Muntenia.
Electrica was established as a National Electricity Company (CONEL) division in 1998 and became an independent entity in 2000. Since 2014, Electrica has been double-listed on the Bucharest and London stock exchanges.
On Monday, Electrica announced to investors that it is collaborating with national cybersecurity authorities to investigate an "ongoing cyberattack."
"We want to emphasize that the Group's critical systems have not been affected, and any disruptions in interaction with our consumers are the result of protective measures for internal infrastructure," Electrica CEO Alexandru Aurelian Chirita said.
"These measures are temporary and are designed to ensure the security of the entire system. Our primary priority remains maintaining continuity in the distribution and supply of electricity, as well as protecting the managed personal data and the operational data of all entities within Electrica Group."
Tagged as ransomware by the Ministry of Energy
While the Romanian electricity supplier has yet to officially disclose the nature of the attack, a Ministry of Energy press statement says the company was the victim of a ransomware attack that hasn't impacted Electrica's SCADA systems used to control and monitor its distribution network.
"Initial investigations show that it was a ransomware attack. The network equipment has been removed and is not affected," Energy Minister Sebastian Burduja said.
"The SCADA systems of Distributie Electric Power Romania are fully functional and insulated, and our technical teams, together with our security partners, are already on the ground to eliminate any risk."
This cyberattack comes after the country's Romania's Constitutional Court (CCR) annulled the presidential elections based on extensive information showing that a TikTok influence campaign linked to Russia affected the first round of elections.
A declassified report from Romania's Intelligence Service (SRI) also revealed that over 85,000 cyberattacks targeted the country's election infrastructure from November 19 to November 25, the night after the first presidential election round.
Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
Cybercrime gang arrested after turning Airbnbs into fraud centers
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
InformationalRetrieved from Cache
InformationalAuthentication Request Identified
InformationalSec-Fetch-Dest Header Has an Invalid Value
Medium.env Information Leak
LowInsufficient Site Isolation Against Spectre Vulnerability
InformationalContent-Type Header Empty
Free online web security scanner
