Rompetrol, Romania’s largest oil refinery operator with an annual production exceeding 5 million tons of oil, fell victim to a Hive ransomware attack. The incident forced the company to shut down its websites and disable the Fill&Go service at its gas stations, severely disrupting operations. The attack compromised most of the company’s IT services, with the Hive group threatening to leak stolen data unless a $2 million ransom was paid. The breach not only halted critical digital services but also posed a risk of data exposure, financial loss, and operational paralysis, potentially affecting fuel distribution and customer transactions. The use of ransomware further escalated the threat by combining data encryption, extortion, and reputational damage, placing the company’s continuity and customer trust at significant risk.
Source: https://www.acronis.com/en/tru/posts/operator-of-romanias-largest-oil-refinery-hit-by-ransomware/
TPRM report: https://www.rankiteo.com/company/rompetrol
{
  "id": "rom2302023090825",
  "linkid": "rompetrol",
  "type": "Ransomware",
  "date": "9/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Oil & Gas (Refining, Retail Fuel)',
                        'location': 'Romania',
                        'name': 'Rompetrol',
                        'type': 'Corporation'}],
 'data_breach': {'data_encryption': True, 'data_exfiltration': True},
 'description': "Rompetrol, the operator of Romania's largest oil refinery "
                '(producing over 5 million tons of oil annually), was targeted '
                'by the Hive ransomware group. The attack forced the shutdown '
                "of Rompetrol's websites and the Fill&Go service at its gas "
                'stations. The Hive group threatened to leak stolen data '
                'unless a $2 million ransom was paid. The incident disrupted '
                "most of Rompetrol's IT services.",
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'service disruption and data leak '
                                       'threat',
            'data_compromised': True,
            'downtime': True,
            'operational_impact': 'Disruption of digital services (websites, '
                                  'Fill&Go, IT systems)',
            'systems_affected': ['Websites',
                                 'Fill&Go Service (Gas Stations)',
                                 'Most IT Services']},
 'motivation': 'Financial (Ransom Demand)',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': '$2,000,000',
                'ransomware_strain': 'Hive'},
 'references': [{'source': 'Acronis Cyber Protect'}],
 'response': {'containment_measures': ['Shutdown of websites',
                                       'Disabling Fill&Go service at gas '
                                       'stations']},
 'threat_actor': 'Hive Ransomware Group',
 'title': 'Rompetrol Ransomware Attack by Hive Group',
 'type': 'Ransomware Attack'}