Hive Ransomware Gang Impacts Rompetrol Gas Station Network
The Ransomware Gang is Allegedly Asking for a $2 Million Ransom.
Rompetrol is the operator of Petromidia Navodari, the largest oil refinery in Romania, with a processing capacity of more than five million tons annually.
It looks like a ransomware attack hit the Rompetrol gas station network, with the KMG International’s subsidiary declaring that it is fighting a “complex cyberattack.”
KMG International is one of the world’s largest oil companies, with operations in fifteen countries across Europe, Central Asia, and North Africa. Refining, marketing, trading, production, and oil industry services such as drilling, EPCM, and transportation are among KMG’s main activities.
Following the attack, the petroleum provider was forced to shut down its websites and the Fill&Go service at gas stations.
Who Did It?
As of yesterday, both the KMG and Rompetrol websites are not reachable, and the Fill&Go app is no longer functional. The company’s email system (Microsoft Outlook) is, however, still up and running.
KMG has already informed the Romanian National Directorate of Cyber Security (DNSC), which is working with the company to resolve the issue and provide the necessary support.
To protect the data, the company has temporarily suspended the operation of the websites and the Fill&Go service, both for the fleets and for the private customers.
The activity of Rompetrol gas stations is carried out normally, the customers having at their disposal the option of payment in cash or by bank card.
According to an anonymous tip to BleepingComputer, the attackers have also gained access to the Petromidia refinery’s internal IT network, but Rompetrol claims that the refinery’s operations are unaffected.
The company stated in an email to employees that the cyberattack was observed at 21:00 hours (local time) on Sunday and that it impacted “most of the IT services.”
What’s In for Hive Ransomware?
It seems that the Hive Ransomware gang is behind the attack on KMG subsidiary Rompetrol with the threat actor now demanding a $2 million ransom from the petroleum provider in exchange for a decryptor and the promise not to leak allegedly stolen information.
More on Hive Ransomware
According to the FBI, the Hive ransomware group uses a wide range of strategies, techniques, and procedures, making it extremely difficult for businesses to protect against its attacks.
Security researchers who gathered data from Hive’s administrator panel showed that affiliates of the Hive ransomware group managed to breach in more than 4 months over 350 organizations.
Prior to the attack, KMG announced over the weekend that Rompetrol Rafinare would be closed from March 11 to April 3 for a scheduled technological turnaround.
The technological shutdown is a necessity for the good functioning of the refinery units and is part of the general strategy of the Group, through which a precise calendar of activities has been established, with general turnarounds carried out every 4 years and technological shutdowns scheduled every 2 years.