DNSC: ‘Lynx ransomware operation responsible for cyberattack on Electrica’
According to the Romanian National Cybersecurity Directorate (DNSC), the Lynx ransomware gang is the culprit behind the cyberattack on Electrica Group, Romania’s biggest player in the electricity distribution and supply market.
Last week, the company said it was experiencing an ongoing cyberattack. No critical systems were affected, but it called in external cybersecurity experts and the authorities to help manage and resolve the incident.
Electrica Group CEO Alexandru Aurelian Chirita recommended keeping an eye out for any suspicious messages that are sent in the company’s name, as they could be a phishing attempt or part of a social engineering attack.
Secretary of Energy Sebastian Burduja told Romanian news outlets that no network equipment had been affected, and that the SCADA system was fully functional.
“Basically, there is no risk, Romanians must know that they are safe. All systems have been verified, from a cyber perspective, we cannot say that this attack had other consequences. Now those who did this must be found and sanctioned,” Burduja said.
What remained unclear was who carried out the cyberattack. Now we have an answer.
According to Romania’s National Cybersecurity Directorate (DNSC), the cybercrime group called Lynx Ransomware is directly responsible for the events of last week.
“Based on available data, critical power supply systems have not been affected and are operational, and the investigation is currently ongoing. In the event of a ransomware infection, the Directorate strongly recommends that no one pay the ransom requested by the attackers,” the DNSC says in a statement.
The National Cybersecurity Directorate recommends that all businesses and organizations that operate in the energy sector scan their ICT infrastructure for malicious software. “Identify which systems are affected and isolate them immediately from the rest of the network as well as from the internet,” the advisory group says.
Furthermore, businesses should keep a copy of all log files and communications from the attackers. In addition, they should make sure that all applications and other software are up-to-date so that known vulnerabilities are fixed.
Lastly, affected systems should only be restored with a copy of the backup data after they have been fully sanitized and thus are protected and secured against future cyberattacks.
The Lynx ransomware group has been active since July 2024. Over 78 victims are on its leak site, primarily from the energy, oil and gas sector. Like other ransomware operations, Lynx is involved in data theft, extortion and encryption.