Holding Slovenske Elektrarne (HSE), Slovenia’s major power generation company responsible for around 60% of domestic production, has fallen victim to a ransomware attack. Despite the breach compromising its systems and encrypting files, HSE asserts that the incident did not disrupt electric power production, emphasizing its critical infrastructure status.

Founded in 2001 and state-owned, HSE operates hydroelectric, thermal, and solar power plants, as well as coal mines across Slovenia. It also has subsidiaries in Italy, Serbia, and Hungary. The ransomware attack occurred last Wednesday, with containment efforts lasting until Friday, November 24.

Uroš Svete, Director of the Information Security Office, clarified that while power generation operations remained unscathed, the ransomware, described as a “crypto virus,” had impacted IT systems and files. HSE promptly notified the National Office for Cyber Incidents at Si-CERT and engaged external experts to manage the attack and prevent its spread within Slovenia.

As of now, no ransom demand has been received, but HSE remains vigilant during the ongoing system cleanup. In a joint statement, Uroš Svete and HSE’s General Manager, Tomaž Štokelj, reassured the public that the situation is under control, with no anticipated operational disruption or significant economic damage.

According to unofficial sources, the attack is believed to be the work of the Rhysida ransomware gang. This aligns with recent warnings from the FBI and CISA about Rhysida’s Tactics, Techniques, and Procedures (TTPs). Notably, HSE’s statement indicates a lack of ransom demand, consistent with Rhysida’s approach of providing only an email contact without specifying monetary demands in their ransom notes.

Unconfirmed reports suggest that the ransomware operators gained access to HSE by extracting passwords from an unprotected cloud storage instance.

Rhysida, which emerged in May 2023, has targeted high-profile organizations, including the Chilean Army, Prospect Medical, and the British Library. The group’s targeting of healthcare prompted the U.S. Department of Health and Human Services (HHS) to issue a warning. Recently, Rhysida listed a Chinese state-owned electric power conglomerate on its data leak site, auctioning allegedly stolen data for 50 BTC ($1,850,268).
