Romania’s largest oil company ‘Rompetrol’ hit by Hive ransomware operators

Romanian gas station ‘Rompetrol’ is hit by a ransomware attack. Rompetrol is a subsidiary of KMG International which made an announcement stating that they are dealing with a complex cyberattack that made them shut down their websites and their Fill&Go service at gas stations.

Rompetrol’s Hive ransomware attack and the ransom demands

Rompetrol is the largest oil company in Romania and has a capacity of over five million tons a year. The company operates in Europe, North Africa, and Central Asia.  

It is suspected that the entity behind the Rompetrol ransomware attack is Hive ransomware operators and the ransom demands are suspected to be in several millions. Rompetrol announced the same on social media today. As of now KMG has intimated Romanian National Directorate of Cyber Security (DNSC) who is actively resolving the situation now.

“To protect the data, the company has temporarily suspended the operation of the websites and the Fill&Go service, both for the fleets and for the private customers,” said a Rompetrol spokesperson.”The activity of Rompetrol gas stations is carried out normally, the customers having at their disposal the option of payment in cash or by bank card.”

As per an anonymous tip shared with BleepingComputer, the hackers might have reached the  internal network of Petromidia refinery that belongs to Rompetrol. However, the company states otherwise.

As per an email to Rompetrol’s employees, the attack was first detected at 21:00 on Sunday affecting their IT services.

Details on Hive ransomware operators

Hive ransomware operators have been lively recently targeting at least three organizations a day. And the Hive ransomware operators are demanding two million as ransom from the Rompetrol. Hive employs a variety of tactics, techniques and hacking methodologies to breach networks, which is why the Hive ransomware gang is a sophisticated group that organizations should be concerned about.

Recent attacks have Hive includes compromising Memorial Health System which made them cancel surgeries and other diagnostic procedures including patient information.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.