Romania / Security Affairs
Romania’s Oltenia Energy Complex suffers major ransomware attack
Monday, December 29, 2025
What
On December 26, 2025, Romania's state-controlled Oltenia Energy Complex (CE Oltenia) detected a Gentlemen ransomware attack that encrypted critical documents and rendered several IT business applications, including ERP systems, email services, and the company website, temporarily unavailable. The incident partially affected the company's activity, but the national energy supply was not endangered. The energy provider promptly isolated affected systems, initiated restoration from backups on new infrastructure, and launched an investigation into the full scope of the breach, including any potential data exfiltration.
Where
The incident affected the Oltenia Energy Complex (CE Oltenia), Romania's leading lignite mining and coal-fired power producer, which operates 12 units across multiple plants and 15 open-pit mines within Romania.
When
The ransomware attack was identified on December 26, 2025, around 01:40. Restoration efforts from backups began shortly after.
Key Factors
- The attack used the "Gentlemen" ransomware, which encrypted documents and disrupted core business IT infrastructure, including ERP systems, email, and the company's public website.
- Despite the significant disruption to IT systems, the operational technology (OT) systems managing the actual energy production and the national energy supply were explicitly stated to be unaffected and remained safe.
- The absence of the Oltenia Energy Complex from the Gentlemen ransomware group's Tor data leak site suggests that negotiations between the victim and the threat actors might be ongoing.
- This incident follows a recent ransomware attack on Romanian Waters, indicating a potential trend of cyberattacks targeting critical infrastructure organizations within Romania.
Takeaways
- Critical infrastructure organizations must implement robust backup and recovery strategies, including isolated backups, to ensure business continuity and rapid restoration following ransomware attacks.
- Maintaining strict segmentation between IT and OT networks is crucial for critical infrastructure to prevent IT-level breaches from impacting operational systems and national services.
- Organizations should develop and regularly test incident response plans that include communication protocols with national cybersecurity authorities and law enforcement, as demonstrated by CE Oltenia's actions.