Croatia’s largest petrol station was hit by cyberattack leading to disabling some of its operations.
Industrial nafte (INA group), is Croatia’s biggest oil company, that contributes over 50 per cent of Croatian prime energy production.
“The INA Group is under cyber-attack, which began around 10 pm on February 14, 2020, causing problems in the operation of certain IT systems, which can occasionally affect normal operation, such as issuing mobile phone vouchers, electronic vignettes, paying utility bills,” reads a security breach notification published by the company on its website.
Multiple sources have told ZDNet the cyber attack is a ransomware infection that infected and then encrypted some of the company’s backend servers.
The company was still able to provide petrol fuel to its customers and to handle payments whether it is a cash payment, an INA card or a bank card.
It impacted the ability to issue invoices, register loyalty card use, issue new mobile vouchers, issue new electronic vignettes.
Even though the company said it was working to restore all systems, it’s services were still down.
“The ransomware infection has been caused by an infection with the CLOP ransomware strain,” stated ZDNet.
In December 2019, Vitali Kremez spotted this family of ransomware where it targets the Windows systems and attempts to disable security products running on the infected systems.
How does it operate?
Before starting the encryption process, the malicious code executes a small programme to disable, security tools operating on the infected systems so that it’s operations won’t be detected.
“Big-game ransomware” is now what security researchers call for CLOP gang. This term specifically refers to criminal groups that target companies to infect their networks, encrypt data and ask for extremely large random demands.
You may be interested in reading: ASP.NET Hit by Ransomware