


Perceptive Security
SOC/SIEM Consultancy

Romanian energy provider hit by Gentlemen ransomware attack
Published:
29 December 2025 at 14:26:00
Alert date:
29 December 2025 at 16:02:44
Source:
bleepingcomputer.com
Ransomware & Malware, Critical Infrastructure
The Gentlemen ransomware group attacked Oltenia Energy Complex, Romania's largest coal-based energy producer, on December 26th. The attack disrupted the company's IT infrastructure during the Christmas holiday period. This represents a significant attack on critical energy infrastructure in Romania. The timing during holidays suggests the attackers may have chosen this period to maximize impact while response capabilities were reduced. Energy sector attacks are particularly concerning due to potential impacts on power supply and national security.
Technical details
The Gentlemen ransomware attack on Oltenia Energy Complex encrypted documents and files, disrupting IT infrastructure including ERP systems, document management applications, the email service, and the website. The ransomware group uses compromised credentials and targets Internet-exposed services for initial access. Encrypted files are given the .7mtzhh extension, and README-GENTLEMEN.txt ransom notes are deployed. The company detected the attack and began rebuilding systems on new infrastructure using existing backups.
Mitigation steps:
Organizations should secure Internet-exposed services, implement strong credential management, maintain secure backups, establish incident response procedures, report incidents to relevant cybersecurity authorities, and rebuild affected systems on new infrastructure using clean backups.
Affected products:
ERP systems
Document management applications
Email service
Company website
Related links:
https://www.facebook.com/CEOltenia/posts/pfbid08mkE6qQTSwGV8aJhgSeBsHfchQ773cWz6vV8zzUh7gygbqk8pzAaUhKHePqS75Ufl
https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html
https://www.bleepingcomputer.com/news/security/romanian-water-authority-hit-by-ransomware-attack-over-weekend/
https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/
https://www.bleepingcomputer.com/news/security/lynx-ransomware-behind-electrica-energy-supplier-cyberattack/
https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-100-romanian-hospitals-to-go-offline/
Related CVEs:
Related threat actors:
IOCs:
.7mtzhh file extension, README-GENTLEMEN.txt ransom note
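One way to hunt for the two indicators listed above in file-creation telemetry, as an added example that is not from the original alert or its sources. The event format (timestamp, host, path as CSV), the host names and the sample paths are constructed assumptions; only the extension and the ransom note name come from this page.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators as listed on this page (compared case-insensitively).
ENCRYPTED_EXT = ".7mtzhh"
RANSOM_NOTE = "readme-gentlemen.txt"

# Constructed sample of file-creation/rename events: timestamp,host,path
SAMPLE_EVENTS = """\
2025-12-26T02:14:07Z,FS01,C:\\Shares\\Finance\\budget.xlsx.7mtzhh
2025-12-26T02:14:08Z,FS01,C:\\Shares\\Finance\\README-GENTLEMEN.txt
2025-12-26T02:14:09Z,FS01,C:\\Shares\\HR\\contracts.docx.7MTZHH
2025-12-26T02:15:30Z,WS17,C:\\Users\\ana\\Downloads\\readme-gentlemen.txt.bak
2025-12-26T02:16:02Z,WS22,C:\\Users\\ion\\Documents\\notes.txt
2025-12-26T02:17:45Z,APP03,D:\\erp\\export\\invoices.csv.7mtzhh
"""

def classify(path):
    """Return 'note', 'encrypted' or None for one file path."""
    name = PureWindowsPath(path).name.lower()
    if name == RANSOM_NOTE:          # exact file name, not a substring
        return "note"
    if name.endswith(ENCRYPTED_EXT): # extension appended to the original name
        return "encrypted"
    return None

def triage(event_text):
    """Summarise indicator hits per host from CSV event lines."""
    hosts = defaultdict(lambda: {"note": 0, "encrypted": 0, "first_seen": None})
    for row in csv.reader(io.StringIO(event_text)):
        if len(row) != 3:            # skip blank or malformed lines
            continue
        ts, host, path = row
        kind = classify(path)
        if kind is None:
            continue
        rec = hosts[host]
        rec[kind] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        if rec["first_seen"] is None or ts < rec["first_seen"]:
            rec["first_seen"] = ts
    for rec in hosts.values():
        # Both indicators on one host is a stronger signal than either alone.
        rec["confidence"] = "high" if rec["note"] and rec["encrypted"] else "medium"
    return dict(hosts)

if __name__ == "__main__":
    for host, rec in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, rec)
```

The per-host `first_seen` value gives responders a starting point for scoping the encryption window on each system.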
This article was created with the assistance of AI technology by Perceptive.
