National Oil Pipeline Operator Hit by Ransomware: IT Systems Down for Days, 1TB Data Possibly Stolen

Conpet disclosed on March 3 that a ransomware attack crippled its corporate IT infrastructure and rendered its public website unavailable for more than a week. The company emphasized that operational technology, including SCADA and communication systems, was not impacted, allowing the core oil‑transport business to continue without interruption.

The ransomware group Qilin claimed responsibility, stating it had stolen close to 1 TB of internal files and posted a selection of documents—such as financial records and passport scans—on its dark‑web leak site as proof of compromise. Conpet has not confirmed the data‑theft claim.

Qilin operates as a Ransomware‑as‑a‑Service (RaaS) under the name “Agenda” since August 2022. Over the past four years the group has alleged attacks on roughly 400 victims, including Nissan, Asahi Beer, media giant Lee Enterprises, pathology provider Synnovis, and the Victorian Court Services in Australia.

This incident follows a wave of ransomware activity in Romania earlier in the year: the national water authority and the Oltenia Energy Complex were hit in December, the Electrica power group suffered a Lynx ransomware intrusion in December 2024, and more than 100 hospitals were compromised by the BackMyData ransomware in February 2024, causing widespread disruption of medical management systems.

Reference: bleepingcomputer.com