LYNX Strikes Electrica: Romanian Energy Giant Hit by Ransomware Attack
The Romanian National Cybersecurity Directorate (DNSC) has reported a ransomware attack by the LYNX group targeting the energy company Electrica. The incident occurred on December 9 this year, prompting DNSC specialists to swiftly arrive on-site to investigate and mitigate the aftermath in collaboration with other competent authorities.
Electrica, one of the largest electricity providers in the region, manages generation, distribution, and sales, serving millions of customers, including industrial enterprises, commercial entities, and residential sectors. The company is known for ensuring reliable energy supply while incorporating innovative technologies to enhance the efficiency and resilience of its services.
Although the attack did not compromise critical power supply systems, DNSC experts urge all organizations, particularly those in the energy sector, to conduct thorough infrastructure checks for malware. This includes running the YARA scripts and checking systems against the provided Indicators of Compromise (IOCs), such as file hashes and addresses of suspicious resources.
The malware identifies key data through specific code strings and operations. DNSC specialists have developed YARA rules to swiftly detect the threat, incorporating the ransomware’s unique characteristics and offering recommendations to prevent its spread.
Organizations affected by such attacks are advised against paying ransoms to cybercriminals. Instead, they should isolate infected systems, retain copies of the attackers' communications for analysis, and cooperate with authorities. Additionally, using the free decryption tools available on platforms like Europol and ID Ransomware is strongly recommended.
DNSC emphasizes the critical importance of regularly updating software and maintaining data backups. It also advises promptly updating all security systems and addressing known vulnerabilities to prevent similar incidents in the future.
The published file hashes and YARA rules are now available on the DNSC website. The organization underscores the necessity of swift response measures and encourages proactive communication with employees, clients, and partners about potential threats.