Romanian Energy Company Electrica Group Hit by Lynx Ransomware Attack

Electrica Group Suffers Ransomware Attack by Lynx Group

Romania’s largest energy company, Electrica Group, has fallen victim to a ransomware attack. According to cybersecurity experts, the incident was carried out by the extortion group known as Lynx.

Electrica Group currently serves over 3.8 million customers nationwide, supplying electricity, maintaining the network, and distributing power throughout Transylvania and Muntenia.

Company Response and Ongoing Investigation

Earlier this week, Electrica Group representatives informed investors that the company is cooperating with law enforcement and cybersecurity specialists, and is actively investigating the “ongoing cyberattack.”

“We want to emphasize that critical systems were not affected, and any disruptions in our interactions with customers are the result of protective measures taken to secure our internal infrastructure,” stated the head of Electrica. “These measures are temporary and are intended to ensure the safety of the entire system.”

Details of the Attack

While the company did not disclose specific details about the nature of the attack, Romania’s Ministry of Energy confirmed that Electrica Group was targeted by ransomware. It was emphasized that the incident did not impact SCADA systems, which are used to control and monitor the distribution network.

The Romanian National Cyber Security Directorate (DNSC), which is also involved in the investigation, has now reported that the Lynx ransomware group is responsible for the breach. DNSC provided a YARA rule to help other companies detect possible signs of compromise in their networks.

“According to available data, critical power supply systems were not affected and are operating normally, but the investigation is ongoing. In the event of a ransomware infection, we strongly advise against paying the ransom demanded by the attackers,” the DNSC statement said.

About the Lynx Ransomware Group

The Lynx ransomware has been active since at least July 2024, and information about more than 78 victims has already been published on the group’s leak site.

According to researchers from the Center for Internet Security (CIS), Lynx’s victims include several American companies and more than 20 organizations in the energy, oil, and gas sectors, which were attacked between July and November 2024.

Experts believe that the Lynx ransomware may be based on the source code of the INC Ransom malware, which was previously offered for sale on hacker forums for $300,000. However, Lynx could also be a rebranding of INC Ransom, as cybercriminals often change their identities to avoid attracting attention from law enforcement agencies.
