Security News > 2023 > November > Slovenian power company hit by ransomware

Slovenian power generation company Holding Slovenske Elektrarne has been hit by ransomware and has had some of its data encrypted.

HSE is a state-owned company that controls numerous hydroelectric, thermal and coal-fired power plants.

The company has declined to share any details about the cyber intrusion, but has confirmed that operation of its power plants has not been affected.

"We would like to emphasize that the HSE had control over the power plants of the HSE group at all times, safety was also properly taken care of, and the high water alarm system also worked smoothly. Electricity trading has not been interrupted and is being carried out, but out of caution we have somewhat limited the execution of individual transactions," said Dr. Tomaž Štokelj, General Director of HSE. The attack did affect the company's communication and information infrastructure and, according to Slovenian news outlet 24ur, the websites of some of the power plants were temporarily inaccessible.

Rhysida is a fairly new ransomware group that has been active since May 2023 and has targeted - among others - the Chilean Army, Prospect Medical Holdings, the British Library, and Energy China.

"Threat actors leveraging Rhysida ransomware are known to impact 'targets of opportunity,' including victims in the education, healthcare, manufacturing, information technology, and government sectors," according to a recently released advisory by the CISA, FBI, and MS-ISAC. "Open source reporting details similarities between Vice Society activity and the actors observed deploying Rhysida ransomware. Additionally, open source reporting has confirmed observed instances of Rhysida actors operating in a ransomware-as-a-service capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model."

News URL

https://www.helpnetsecurity.com/2023/11/28/slovenian-power-company-ransomware/