Ransomware Attack on Slovenia’s Largest Electricity Supplier Disrupts Operations
Last week, the IT systems of Holding Slovenske Elektrarne (HSE), Slovenia’s largest electricity supplier, were compromised in a hacking incident. Official reports indicate that the cause of the breach was a ransomware virus, which encrypted files in the corporate network and blocked employee access to internal services.
HSE controls about 60% of the country’s energy supply systems. The company consists of hydroelectric plants based on the Drava, Sava, and Soča rivers and coal-fired power plants in Brestanica, Šoštanj, and Velenje.
The scale of the attack was significant – it was discovered that the perpetrators managed to penetrate security systems and control technological processes. Signs of the breach were first detected on the evening of Wednesday, November 22.
Initially, everything was under control, and the incident was investigated by internal specialists.
However, by November 24, the situation deteriorated. The malicious software became active and began to rapidly spread throughout the corporate network. By this time, the Slovenian government was already involved in mitigating the consequences of the cyberattack.
According to HSE, despite the severity of the issue, the production facilities, including thermal and hydroelectric power stations, continue to operate normally. Currently, there is no threat of disruptions to the country’s energy supply.
However, the source of the infection has not yet been identified. The fact that the perpetrators gained access to HSE’s confidential data indicates the potential danger of blackmail and extortion in the future.
Experts note that cybercriminals often do not initially make ransom demands, preferring to wait for the most opportune moment.