On March 6, Romanian gas station operator Rompetrol was attacked with ransomware, forcing the company’s official website and Fill & Go service offline.
Rompetrol operates the fuel stations supporting Petromidia Navodari, Romania’s largest refinery, which has an annual oil processing capacity of more than 5 million tons.
Rompetrol’s parent company, KMG International, is a large international oil company with operations in 15 countries across Europe, Central Asia, and North Africa. KMG’s primary business is oil refining, marketing, trade, and production, as well as oil industry services like drilling, EPCM (design, procurement and construction management), and transportation.
Rompetrol, a Romanian oil supplier, recently announced that it is attempting to deal with a wave of “complex cyber attacks.”
Foreign media outlet BleepingComputer found that the attack was carried out by the Hive ransomware gang, which demanded a ransom of up to millions of dollars.
Rompetrol announced on Facebook after the attack, “Tonight, Rompetrol encountered a complex network attack.”
In an email to employees, Rompetrol stated that the attack was detected at 21:00 local time on Sunday (March 6), affecting “most of the company’s IT services.”
KMG and Rompetrol’s official websites are still inaccessible, and the Fill & Go application (a refueling service app) is also down. Fortunately, the company’s e-mail system (Microsoft Outlook) remains operational.
KMG reported the incident to the Romanian National Network Security Agency (DNSC), which has been in contact with the company to help it resolve the issue.
“In order to protect the data, the company suspended normal operation of the website and Fill & Go service, and the fleet and individual customers are temporarily inaccessible,” Rompetrol explained.
“The Rompetrol gas station is still open for business, and customers can pay the gas fee with cash or a bank card.”
According to anonymous information obtained by BleepingComputer, the attacker also infiltrated the Petromidia refinery’s internal IT network. Rompetrol, on the other hand, stated that the operation of the Petromidia refinery was unaffected.
This time, the Hive ransomware gang is said to have attacked KMG subsidiary Rompetrol.
The Hive gang demanded a $2 million ransom in exchange for the decryptor and a promise not to reveal the stolen data.