What happened
Romania’s largest coal‑based energy producer, Oltenia Energy Complex (Complexul Energetic Oltenia), suffered a ransomware attack on December 26, 2025. The incident, attributed to the Gentlemen ransomware operation, encrypted files and disrupted key IT systems such as enterprise resource planning, document management, email services, and the company’s public website. The company isolated affected systems and began recovery efforts using backups. 
Who is affected
The breach targeted Oltenia Energy Complex’s internal business infrastructure. While the company supplies roughly 30% of Romania’s electricity and employs over 19,000 people, its core energy production and national grid operations remained intact. The full scope of potential data theft is still under review.
Why CISOs should care
This attack highlights the ongoing ransomware threat facing critical infrastructure and energy sector organizations. The Gentlemen group is known for using compromised credentials and exposed services to gain network access, underscoring the need for strong access controls and vigilant monitoring. Critical infrastructure firms remain attractive targets due to their operational importance. 
3 practical actions:
- Review access controls: Implement strict credential hygiene, multi‑factor authentication, and regular privilege audits to reduce initial access risk.
- Segment and back up: Ensure robust network segmentation between IT and operational systems, and maintain secure, tested backups to expedite recovery without paying ransoms.
- Hunt for indicators: Use threat intelligence on Gentlemen ransomware indicators (e.g., ransom note patterns, lateral movement techniques) to proactively scan environments for signs of compromise.
