The firm responsible for a major gas station network in Romania has fallen victim to a ransomware attack, with the gang responsible demanding millions to return stolen data.
KMG subsidiary Rompetrol today declared it had been hit by a “complex cyberattack” last night that forced it to suspend some services at stations and shut down its websites.
Bleeping Computer has learned that the Hive cybercriminal gang has claimed responsibility and is threatening to leak the data – encrypted during the attack so Rompetrol can no longer access it – unless a ransom of $2 million is paid.
Thought to be one of the more sophisticated threat actors, Hive has played on its diverse array of tactics, techniques, and procedures to conduct an average of three attacks per day since it was first discovered in June.
It is not known if Rompetrol or its parent company KMG intend to pay the ransom, but the company has said it is working closely with cyber authorities in Romania “to resolve the situation.”
“We are in constant contact with the National Directorate of Cyber Security,” the company said in a statement published on LinkedIn. “To protect the data, the company has temporarily suspended the operation of the websites and the Fill&Go service, both for the fleets and for the private customers.”
It stressed that not all of its services had been compromised, and motorists can still pay in cash or by bank card for petrol at its stations.
Rompetrol added that the Petromidia refinery – which, with a processing capacity of more than five million tons a year, is the largest of its kind in Romania – had not been affected by the attack.
In contrast to this statement, Bleeping Computer said it had received unconfirmed reports that the refinery’s IT systems had in fact also been breached.
More from Cybernews:
Subscribe to our newsletter