Hive Ransomware Gang Impacts Rompetrol Gas Station Network
The Ransomware Gang is Allegedly Asking for a $2 Million Ransom.
Last updated on June 7, 2022
Rompetrol is the operator of Petromidia Navodari, the largest oil refinery in Romania, with a processing capacity of more than five million tons annually.
It looks like a ransomware attack hit the Rompetrol gas station network, with the KMG International’s subsidiary declaring that it is fighting a “complex cyberattack.”
KMG International is one of the world’s largest oil companies, with operations in fifteen countries across Europe, Central Asia, and North Africa. Refining, marketing, trading, production, and oil industry services such as drilling, EPCM, and transportation are among KMG’s main activities.
Following the attack, the petroleum provider was forced to shut down its websites and the Fill&Go service at gas stations.
Who Did It?
As per BleepingComputer, the attackers behind the Rompetrol incident are members of the Hive ransomware organization and have demanded a multi-million dollar ransom.
According to an anonymous tip to BleepingComputer, the attackers have also gained access to the Petromidia refinery’s internal IT network, but Rompetrol claims that the refinery’s operations are unaffected.
The company stated in an email to employees that the cyberattack was observed at 21:00 hours (local time) on Sunday and that it impacted “most of the IT services.”
What’s In for Hive Ransomware?
It seems that the Hive Ransomware gang is behind the attack on KMG subsidiary Rompetrol with the threat actor now demanding a $2 million ransom from the petroleum provider in exchange for a decryptor and the promise not to leak allegedly stolen information.
Prior to the attack, KMG announced over the weekend that Rompetrol Rafinare would be closed from March 11 to April 3 for a scheduled technological turnaround.
The technological shutdown is a necessity for the good functioning of the refinery units and is part of the general strategy of the Group, through which a precise calendar of activities has been established, with general turnarounds carried out every 4 years and technological shutdowns scheduled every 2 years.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.