Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Croatia’s largest petrol station chain INA group hit by ransomware attack

Some operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain were disrupted by a cyber attack. A ransomware attack has disrupted operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain. INA, d.d. is a stock company with the Hungarian MOL Group and the Croatian Government as its biggest shareholders, […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Some operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain were disrupted by a cyber attack.

A ransomware attack has disrupted operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain.

INA, d.d. is a stock company with the Hungarian MOL Group and the Croatian Government as its biggest shareholders, while a minority of shares is owned by private and institutional investors.

The company was not able to issue invoices and accept loyalty cards as a result of the attack that took place last Friday, on February 14, at 22:00, local time.

“The INA Group is under cyber-attack, which began around 10 pm on February 14, 2020, causing problems in the operation of certain IT systems, which can occasionally affect normal operation, such as issuing mobile phone vouchers, electronic vignettes, paying utility bills.” reads a security breach notice published by the company on its website. “Market supply is secure. Fuel sales at our retail locations continue unhindered. All payments are secure, whether it is a cash payment, an INA card or a bank card. INA is taking steps to remedy the system’s hassle.”

After the security breach, the company was still able to provide petrol fuel to its customers and to handle payments.

“Multiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted some of the company’s backend servers.” states ZDNet that first reported the issue.

“It did, however, impact its ability to issue invoices, register loyalty card use, issue new mobile vouchers, issue new electronic vignettes, and allow customers to pay gas utility bills (INA is also a natural gas provider in Croatia).”

The company announced it was working to restore all systems.

ZDNet, citing a source familiar with the incident, speculates the involvement of CLOP ransomware in the attack.

This family of ransomware involved in the attack was also spotted by researcher Vitali Kremez in December 2019. The malware targets Windows systems and attempts to disable security products running on the infected systems.

The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations.

The Clop ransomware also attempted to disable the Windows Defender by configuring the registry values associated with this defense feature

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – INA Group, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]