Slovenia’s largest power provider HSE hit by ransomware attack

November 27, 2023 at 11:23AM

Slovenian power company Holding Slovenske Elektrarne (HSE) experienced a ransomware attack that affected its systems and encrypted files. However, the attack did not disrupt electric power production. HSE, the country’s largest power generation company, is considered critical infrastructure. The organization has taken measures to contain the attack, inform authorities, and prevent further spread. The attack is attributed to the Rhysida ransomware gang. So far, no ransom demand has been received. The situation is under control, and no operational disruption or significant economic damage is expected.

Key takeaways from the article are as follows:

1. Slovenian power company Holding Slovenske Elektrarne (HSE) experienced a ransomware attack that affected its IT systems and encrypted files.
2. Despite the attack, HSE confirmed that electric power production was not disrupted.
3. HSE is critical infrastructure in Slovenia, accounting for around 60% of domestic power production.
4. HSE, founded in 2001, operates hydroelectric, thermal, and solar power plants, as well as coal mines across Slovenia and subsidiaries in Italy, Serbia, and Hungary.
5. The ransomware attack occurred on Wednesday, and HSE contained it by Friday, November 24.
6. The Director of the Information Security Office stated that power generation operations were unaffected, but IT systems and files were locked by the crypto virus.
7. HSE immediately informed national cyber incident authorities and engaged external experts to mitigate the attack and prevent further spread.
8. At present, no ransom demand has been received, but HSE remains on high alert and is still cleaning up its systems.
9. The situation is under control, and HSE does not anticipate operational disruption or significant economic damage.
10. The Rhysida ransomware gang is suspected to be behind the attack, as they have been active recently and their ransom notes only provide an email address for contact, without specifying monetary demands.
11. Unconfirmed reports suggest that Rhysida breached HSE by stealing passwords from an unprotected cloud storage instance.
12. Rhysida has been involved in high-profile attacks targeting organizations like the Chilean Army, Prospect Medical, and the British Library.
13. The U.S. Department of Health and Human Services (HHS) has issued an advisory warning about the Rhysida ransomware gang’s attacks on healthcare.
14. Recently, Rhysida listed stolen data allegedly belonging to a Chinese state-owned electric power conglomerate on their data leak site, offering it for auction.
