A subsidiary of KMG Rompetrol was subjected to a “sophisticated cyberattack”, as a result of which it was forced to suspend some services at stations and close websites.
The Hive cybercriminal gang claimed responsibility for the hack, threatening to leak data encrypted during the attack if a $2 million ransom was not paid.
Hive is one of the most advanced ransomware gangs, which uses a diverse set of tactics, methods and techniques to conduct cyber attacks. Cybercriminals have carried out an average of 3 attacks a day since its introduction on the market in June last year.
It is not known whether Rompetrol or its parent company KMG intend to pay the ransom, but the company said it was working closely with Romanian cyber authorities “to resolve the situation.”
“We are in constant contact with the National Cybersecurity Administration,” the company said in a statement posted on LinkedIn. “To protect data, the company has temporarily suspended the operation of Fill&Go websites and service for both fleets and private customers.”
Rompetrol claims that some of the services work as usual, and motorists can still pay in cash or by bank card for gasoline at gas stations.
Rompetrol added that the largest Petromidia refinery in Romania, processing more than five million tons per year, was not affected by the cyber attack. However, other sources claim that the refinery’s IT systems were actually hacked as well.