Croatia’s largest petrol station chain impacted by cyber-attack

Haythem Elmir

A security incident described as « a cyber-attack » has crippled some business operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain.

The attack took place last Friday, on February 14, at 22:00, local time, the company said.

Multiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted some of the company’s backend servers.

The incident did not impact the company’s ability to provide petrol fuel to its customers, nor its ability to handle payments.

It did, however, impact its ability to issue invoices, register loyalty card use, issue new mobile vouchers, issue new electronic vignettes, and allow customers to pay gas utility bills (INA is also a natural gas provider in Croatia).

The INA Group, which is part of the MOL Group and lists the Croatian government as its biggest shareholder, publicly disclosed the incident over the weekend and apologized to customers.


A source familiar with the incident has told ZDNet this week that the ransomware incident has been caused by an infection with the CLOP ransomware strain.

While we couldn’t get INA to confirm, open-source reporting supports our source’s tip. For example, hours before INA reported being infected, a Sophos malware analyst reported a new malware server going live and actively distributing a version of the CLOP ransomware.

Furthermore, this week, security researchers have also spotted new versions of the CLOP ransomware on VirusTotal, an aggregated malware scanning service [123].

The use of the CLOP ransomware in the attack against INA also fits the bill when it comes to CLOP’s regular modus operandi.

According to BleepingComputer, a tech news site specialized in ransomware news and research, the operators of the CLOP ransomware switched tactics in March 2019 from targeting end-users to targeting companies.

The CLOP gang is now what security researchers call « big-game ransomware, » which is a term referring to criminal groups that specifically target companies to infect their networks, encrypt data, and ask for extremely large ransom demands.


Laisser un commentaire

Next Post

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked ‘HIGH’ in severity, […]