Qilin Ransomware Hits Romania’s National Oil Pipeline Operator Conpet, Claims Nearly 1 TB Data Theft

Romania’s national oil pipeline operator Conpet has confirmed that a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier this week. The company operates approximately 3,800 kilometers (2,360 miles) of pipelines supplying domestic and imported crude oil and petroleum products to refineries across Romania.

Attack Details

Conpet’s official statement on Wednesday asserted that operational technology systems, including SCADA and telecommunications systems, remained fully functional. Separately, the Qilin ransomware group has claimed responsibility for the attack.

The Russian-speaking ransomware-as-a-service operation listed Conpet on its dark web leak site, claiming to have stolen nearly one terabyte of data. The group has published images of alleged internal documents, financial records, and passport scans as proof of the breach.

Qilin’s Track Record

Qilin, active since 2022, has emerged as one of the most destructive ransomware groups in recent years. The gang has previously targeted:

  • U.S. municipalities
  • Japanese beverage giant Asahi
  • Major U.S. newspaper chains
  • The governments of Malaysia and Palau
  • Hospitals and government agencies worldwide

Romania Under Siege

This attack is part of a troubling pattern of ransomware incidents targeting Romanian critical infrastructure:

  • December 2025: An attack on Romania’s national water management agency locked staff out of approximately 1,000 computers using Microsoft’s BitLocker encryption tool
  • December 2025: Ransomware hit Oltenia Energy Complex, Romania’s largest coal-based power producer, temporarily disrupting IT infrastructure

Why This Matters

This incident highlights the persistent threat ransomware poses to critical infrastructure operators, particularly in the energy sector. While Conpet states oil transport operations were not affected, the exfiltration of nearly 1 TB of sensitive data—including passport scans and financial records—represents a significant data breach with potential long-term consequences.

Organizations managing critical infrastructure should ensure robust network segmentation between IT and OT systems, maintain offline backups, and develop incident response plans specifically addressing ransomware scenarios.

Source: The Record