Lynx Ransomware Breach Targets Romania’s Electrica Group

The Romanian National Cybersecurity Directorate (DNSC) has confirmed that the Lynx ransomware gang successfully breached Electrica Group, a leading electricity supplier in Romania.

About Electrica Group

Electrica Group, initially part of the National Electricity Company (CONEL) in 1998, became an independent entity in 2000. Since 2014, it has been publicly traded on the London and Bucharest stock exchanges. With a customer base exceeding 3.8 million across Muntenia and Transylvania, Electrica provides electricity, maintenance, and other energy services.

On Monday, Electrica informed investors of an ongoing ransomware attack under investigation by national cybersecurity authorities. Romania’s Energy Minister, Sebastian Burduja, assured the public that SCADA and critical systems remained unaffected as a precautionary measure.

Details of the Breach

DNSC identified the Lynx ransomware gang as the attackers and released a YARA detection script for organizations to identify potential compromises. In a statement, DNSC emphasised: “Based on available data, critical power supply systems have not been affected and are operational. The investigation is currently ongoing. In the event of a ransomware infection, the Directorate strongly recommends that no one pay the ransom requested by the attackers.”

DNSC urged entities in the energy sector to proactively scan their IT infrastructure for malware using the provided YARA script, even
