A major ransomware attack has paralyzed the IT systems of Romania's largest coal-based electricity producer, threatening national energy security just days after a similar strike on the country's water authority.

Continue reading
A ransomware strike against Romania's Oltenia Energy Complex during the Christmas holidays has raised alarms about the vulnerability of critical national infrastructure to cyber threats.
On the second day of Christmas, December 26, 2025, the Oltenia Energy Complex (Complexul Energetic Oltenia), a cornerstone of Romania's power grid, fell victim to a severe ransomware attack. The assault by the "Gentlemen" ransomware gang crippled internal IT systems, encrypting files and taking critical applications offline. The state-owned company, which operates four power plants and provides approximately 30% of Romania's electricity, was forced to rebuild its infrastructure from backups to restore operations.
The cyberattack disrupted the energy provider's core administrative functions. Encrypted documents and disabled applications included the company's Enterprise Resource Planning (ERP) systems, document management software, corporate email service, and public website. The incident partially affected company operations, but officials confirmed that the attack did not compromise the physical operation of the National Energy System, preventing broader blackouts.
Upon detecting the breach, the company's IT teams initiated an emergency recovery process, rebuilding affected systems on new infrastructure using existing backups. An assessment is ongoing to determine if the attackers stole sensitive data before deploying the ransomware.
The attack has been attributed to the relatively new "Gentlemen" ransomware operation, which first emerged in August 2025. The group is known for:
The group has listed nearly 40 victims on its data leak site but, as of the latest reports, had not yet listed Oltenia Energy Complex. This suggests ransom negotiations between the attackers and the company may be ongoing.
The incident triggered a swift response across Romanian institutions:
This attack is part of a worrying trend targeting Romanian critical infrastructure:
| Aspect | Detail |
|---|---|
| Date of Attack | December 26, 2025 |
| Attacker | Gentlemen Ransomware Gang |
| National Impact | Provides ~30% of Romania's electricity |
| Key Systems Hit | ERP, Document Management, Email, Website |
| Recovery Action | Rebuilding from backups on new infrastructure |
| Investigating Body | DIICOT (Organized Crime & Terrorism Directorate) |
The successful attack on a major energy producer underscores a significant shift in the cyber threat landscape, where ransomware groups are increasingly targeting essential services and national infrastructure. While the physical power grid remained operational this time, the incident exposes the fragile digital backbone of critical systems.
The outcome of this event will likely influence national cybersecurity policy in Romania and across the European Union, potentially leading to stricter mandates for protecting critical infrastructure. The focus will remain on whether the company's backup strategy allows for a full recovery without paying a ransom and if any exfiltrated data is later leaked by the attackers.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation