HIVE Strikes Rompetrol with Multi-Million Dollar Ransomware

Over the years, we’ve learned that the more reputable a company, brand, or organization is, the more of a target it becomes for online threat actors. Unfortunately, cybercrime is escalating at a fast pace, and no company is safe regardless of its area of expertise.

Cybercriminals are coming up with new tactics, techniques, and procedures to infiltrate systems. A couple of weeks ago, HIVE, one of the most dangerous ransomware groups, attacked none other than the European car dealer Emil Frey.

Now HIVE has struck again, this time targeting Romania’s Rompetrol gas station network. This proves that anyone is a target as long as they have money. The ransom is big and the attack did its damage. What’s this all about? Find out below.

Rompetrol Ransomware Attack – HIVE Stings Again

HIVE hasn’t been around for long, but it sure did make an impact. The operation became known in late June 2021, targeting multiple high-profile companies.

In fact, HIVE has a record of attacking around 3 companies a day. Yeah, their leak website doesn’t show everything. The group is actually more active and aggressive than it would like us to know.

Now, the group’s latest target is Rompetrol, and the ransom is huge: they’re asking for a multi-million dollar payment. Rompetrol is the operator of Romania’s largest oil refinery, Petromidia Navodari. The company issued a statement following the large breach:

“During this night, Rompetrol faced a complex cyber attack. We are constantly connected with the National Directorate of Cyber Security (DNSC) and together we are making all efforts to resolve the situation. For data protection, the company has temporarily stopped the operation of the Fill&Go websites and services, both for fleet and for individuals.

The Rompetrol Go program and the mobile app are also not working. The activity of the Rompetrol gas stations is operated normally, customers having the option of payment in cash or by bank card at their disposal.

We mention that the operational activity of the Petromidia refinery is not affected. We apologize for the inconvenience.”

Rompetrol Facebook

When an oil company has a processing capacity of over five million tons per year, cyber attackers are bound to assume that it has a lot of money.

Now, the HIVE group has control of Rompetrol’s systems. They’re demanding 2 million dollars in exchange for the decryption key and for not leaking the allegedly stolen data.

Rompetrol Breached – Cease All Operations

As the company stated: “Rompetrol faced a complex cyberattack.” That means it has to use everything at its disposal to minimize the impact.

After the breach, we observed that the company has ceased operations of its website and application. We can clearly see it in the image below.

Rompetrol did notify the Romanian National Directorate of Cyber Security (DNSC). At the moment, the two are working together to solve the problem.

Rompetrol Ransomware Attack – One Really Expensive Sting

HIVE can do a lot of damage; we’ve seen that in the past. Even the FBI has warned users and companies about what this group is capable of.

Rompetrol is the group’s latest victim, and they don’t seem to be stopping any time soon. If you run your business online, you should always stay vigilant.

You never know who’s watching and what intentions they have. Apply as many security measures as you can. That way, you can either eliminate the threat or, at least, minimize the impact.
