Last week, a cyberattack targeted the IT network of HSE, the largest electricity provider in Slovenia. Although everything is under control, the incident’s origin is unknown.
According to the company, a “crypto-virus” that encrypted files and prevented employees from accessing its systems was the cause of the issue. In addition, HSE stated that it had not received ransom requests and that the incident had not affected operations at any of its power plants.
As per the news portal 24ur, the attack was defined as “substantial”, and the attackers managed to breach the security and control system and the fire alarms. After the attack was discovered on Wednesday night, it appeared to have been controlled. However, by Friday night, the infection spread, worsening the situation.
There was, of course, government involvement by then. Although there didn’t seem to have been any significant harm, Uroš Svete, director of the Government Information Security Office, described it as a typical cyberattack. Svete also expressed his satisfaction with the way the matter was handled.
“I believe that the process itself, both the detection of the incident and the reporting and engagement of all actors, at expert, technical, company and the level of state authorities, has been appropriate and in line with the national cyber incident response plan. So, in reality, at the moment, the situation in this case is under control,” Svete said on Sunday.
Tomaž Štokelj, general manager of HSE, expressed optimism that there won’t be any significant effects on system security or the company’s operational efficiency.
The company posted a statement on its website stating, “The HSE power plants are operating smoothly, and Slovenia’s electricity supply continues to be reliable.”
But the risk is still there. Although the incident’s exact cause is unknown, the fact that data was obtained suggests that the company may eventually be the target of blackmail. For cybercriminals, holding out on demanding a ransom is standard practice.