Croatia’s largest petrol company becomes victim to ransomware

Croatia ransomware attack

INA Group (belongs to MOL group) is a Croatia’s biggest oil company and consists of many petrol stations for its operations. On Feb14th, at 10:00 pm local time the company became victim to a ransomware attack and has infected its systems. However, the company has confirmed its petrol delivery to customers and payments aren’t affected.

Invoice management, handling loyalty cards, mobile vouchers management, electronic vignettes, and natural gas bill payments are facing hindrance. INA disclosed the attack and did regret for the inconvenience it has caused to its customers. INA also mentioned in their website that they are taking steps to resolve the situation and keep the customers informed about their progress.

The CLOP Ransomware behind INA take down

As per Sophos Malware Analyst, with Twitter handle @AltShiftPrtScn has mentioned that there is a new ransomware strain that is going live, working with command-and-control server, and is involved with CLOP operations. Adding to his point, security researchers have detected CLOP ransomware variants in VirusTotal, a malware scanning application.

Please note that the CLOP ransomware has upgraded itself, and is now targeting companies instead of individuals, and it is also lately called ‘Big-Game Ransomware’, as it encrypts corporate data and demands for exorbitant ransom.

How to defend against CLOP ransomware attack?

Organizations need to ensure they have updated their operating systems, applications, firmware and BIOS to the latest security patches. Building a robust firewall configurations, cybersecurity awareness to the employees, data backup protocols, and data security configurations can reduce the probability of being hit by CLOP ransomware.

However, these measures don’t mean you are a hundred percent secured. Being proactive is a key to reducing the chances of being attacked. However, please ensure you do have reactive measures like log management, SIEM, threat detection and more to identify the attack immediately.

Share the article with your friends

John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!