Hive Ransomware Gang Impacts Rompetrol Gas Station Network

Rompetrol is the operator of Petromidia Navodari, the largest oil refinery in Romania, with a processing capacity of more than five million tons annually.

It looks like a ransomware attack hit the Rompetrol gas station network, with the KMG International’s subsidiary declaring that it is fighting a “complex cyberattack.”

KMG International is one of the world’s largest oil companies, with operations in fifteen countries across Europe, Central Asia, and North Africa. Refining, marketing, trading, production, and oil industry services such as drilling, EPCM, and transportation are among KMG’s main activities.

Following the attack, the petroleum provider was forced to shut down its websites and the Fill&Go service at gas stations.

Who Did It?

As per BleepingComputer, the attackers behind the Rompetrol incident are members of the Hive ransomware organization and have demanded a multi-million dollar ransom.


As of yesterday, both the KMG and Rompetrol websites are not reachable, and the Fill&Go app is no longer functional. The company’s email system (Microsoft Outlook) is, however, still up and running.

KMG has already informed the Romanian National Directorate of Cyber Security (DNSC), which is working with the company to resolve the issue and provide the necessary support.

To protect

Read More: