Romanian energy supplier Electrica hit by ransomware attack

​Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today.

The company serves over 3.8 million users with nationwide coverage for electricity supply, maintenance, and energy services, distributing electricity to customers across Transilvania and Muntenia.

Electrica was established as a National Electricity Company (CONEL) division in 1998 and became an independent entity in 2000. Since 2014, Electrica has been double-listed on the Bucharest and London stock exchanges.

On Monday, Electrica announced to investors that it is collaborating with national cybersecurity authorities to investigate an "ongoing cyberattack."

"We want to emphasize that the Group's critical systems have not been affected, and any disruptions in interaction with our consumers are the result of protective measures for internal infrastructure," Electrica CEO Alexandru Aurelian Chirita said.

"These measures are temporary and are designed to ensure the security of the entire system. Our primary priority remains maintaining continuity in the distribution and supply of electricity, as well as protecting the managed personal data and the operational data of all entities within Electrica Group."

Tagged as ransomware by the Ministry of Energy

While the Romanian electricity supplier has yet to officially disclose the nature of the attack, a Ministry of Energy press statement says the company was the victim of a ransomware attack that hasn't impacted Electrica's SCADA systems used to control and monitor its distribution network.

"Initial investigations show that it was a ransomware attack. The network equipment has been removed and is not affected," Energy Minister Sebastian Burduja said.

"The SCADA systems of Distributie Electric Power Romania are fully functional and insulated, and our technical teams, together with our security partners, are already on the ground to eliminate any risk."

This cyberattack comes after the country's Romania's Constitutional Court (CCR) annulled the presidential elections based on extensive information showing that a TikTok influence campaign linked to Russia affected the first round of elections.

A declassified report from Romania's Intelligence Service (SRI) also revealed that over 85,000 cyberattacks targeted the country's election infrastructure from November 19 to November 25, the night after the first presidential election round.