The cyberattack on the IT systems of Distribuție Energie Electrică România (DEER) was ransomware, but the network equipment is not affected, while the SCADA system is isolated and fully functional, the Ministry of Energy said on Monday.
“Romanians need to know that they are safe. No cyber attack will leave the country without energy, and critical infrastructure is protected by advanced measures. The SCADA systems of Distribuție Energie Electrică România are fully functional and isolated, and our technical teams, together with our security partners, are already on the ground to eliminate any risk. Those who orchestrated this attack must know that they will not go unpunished. Romania is strong and ready to face any challenge, be it cyber or political. I have requested the acceleration of the approval of the Emergency Ordinance for the establishment of the Cybersecurity Incident Response Center in Energy. This center will be a bastion of our energy security and will turn any attempt at destabilization into a crushing failure for attackers. Too many times we have seen how some want to transform Romania into a theater of subversive operations. This will not happen in energy while I am here. I assure all citizens that the energy system is stable, robust and well-defended. Whoever attacks Romania’s energy security will be held criminally liable, and the consequences will be severe. We do not give a single millimeter to those who wish us harm!”, said Energy Minister Sebastian Birduja in a press release quoted by Agerpres.
According to the ministry, initial investigations show that it was a ransomware attack, the network equipment was taken over and is not affected.
A detailed technical analysis was also initiated, and the hashes were collected to identify the content and possible origin of the attack. In addition, the servers are to be subjected to rigorous checks, while the data back-up is isolated and safe.
Following this incident, specialized forensic teams took over the digital artifacts resulting from the attack to determine its source, and the authorities are collaborating closely with public authorities with responsibilities in the field of cybersecurity to identify and counter the attack.
“We reiterate the need for the urgent adoption of the Emergency Ordinance on the establishment of the and the operationalization of the Cybersecurity Incident Response Center in Energy (CRISCE). The project is currently under inter-ministerial approval at the Ministry of Finance and the Ministry of Labor and Social Solidarity. CRISCE will have the resources and personnel necessary to prevent, manage and deter these attacks, ensuring Romania’s energy security,” the Ministry of Energy states.
The Electrica Group announced on Monday that it was subject to a cyber attack and teams of specialists are collaborating with national authorities in the field of cybersecurity to manage and remedy the incident, according to a statement sent to the Bucharest Stock Exchange.
“We would like to emphasize that the Group’s critical systems are not affected, and any malfunctions that occurred in the interaction with our consumers are effects of internal infrastructure protection measures. These measures are temporary and are intended to ensure the security of the entire system,” the group states.
According to the company, at this time, all specific response protocols have already been activated in accordance with internal procedures and regulations in force.
“Our main priority is to maintain continuity in the distribution and supply of electricity, as well as to protect the personal data managed and the operational data of all entities within the Electrica Group. We will continue to inform the public about the evolution of the situation and the measures taken to remedy it. In this context, we recommend that our consumers be attentive to any suspicious messages received on behalf of the company and avoid providing personal data through unsecured channels,” the Ministry of Economy emphasizes in the quoted statement.