Lynx ransomware behind Electrica energy supplier cyberattack

December 11, 2024 at 11:30AM

The Romanian National Cybersecurity Directorate has confirmed that the Lynx ransomware gang breached Electrica Group, a major electricity supplier. While the attack is under investigation, critical systems remain unaffected. Electrica is collaborating with cybersecurity authorities, and the directorate advises scanning for malware and not paying ransom demands.

### Meeting Takeaways:

1. **Incident Overview**:
– The Lynx ransomware gang has breached Electrica Group, a major electricity supplier in Romania.

2. **Company Background**:
– Electrica Group has operated independently since 2000 and serves over 3.8 million users in Muntenia and Transylvania. It is publicly listed on both the London and Bucharest stock exchanges.

3. **Current Status of Attack**:
– Electrica confirmed an ongoing ransomware attack and is working with national cybersecurity authorities on the investigation. Critical systems, including SCADA, remain isolated and operational.

4. **Cybersecurity Recommendations**:
– DNSC (Romanian National Cybersecurity Directorate) advises entities, particularly in the energy sector, to scan their IT infrastructure for malware using the YARA script it has provided for detection.

5. **Lynx Ransomware Details**:
– Lynx has been operational since July 2024, affecting 78 victims primarily in the energy sector. The group may be linked to prior ransomware operations, specifically INC Ransom, suggesting a possible rebrand to evade law enforcement.

6. **Broader Context**:
– The attack follows significant cyber threats against Romanian electoral systems, indicating heightened cybersecurity risks in the region.
– Related incidents include a February ransomware attack that disrupted over 100 hospitals in Romania.

7. **Official Stance on Ransom Payment**:
– DNSC strongly recommends against paying any ransom demanded by attackers.

**Next Steps**:
– Continuous monitoring of the situation is crucial.
– Ensure all relevant departments are notified to perform the necessary scans and checks on their systems.
– Await further updates from the cybersecurity authorities regarding the investigation and threat landscape.
