{ "id": "5037afc1-41f2-4606-9ffc-dfee96a2601a", "created_at": "2026-04-06T00:21:56.340206Z", "updated_at": "2026-04-10T03:21:19.840223Z", "deleted_at": null, "sha1_hash": "ff2a90cb24103f5301e23609ce07aded988433fe", "title": "Croatia's largest petrol station chain impacted by cyber-attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 925642, "plain_text": "Croatia's largest petrol station chain impacted by cyber-attack\r\nBy Catalin Cimpanu\r\nPublished: 2020-02-20 · Archived: 2026-04-05 23:20:06 UTC\r\nImage: andreas160578 on Pixabay\r\nA security incident described as \"a cyber-attack\" has crippled some business operations at INA Group, Croatia's\r\nbiggest oil company, and its largest petrol station chain.\r\nThe attack took place last Friday, on February 14, at 22:00, local time, the company said.\r\nMultiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted\r\nsome of the company's backend servers.\r\nThe incident did not impact the company's ability to provide petrol fuel to its customers, nor its ability to handle\r\npayments.\r\nIt did, however, impact its ability to issue invoices, register loyalty card use, issue new mobile vouchers, issue new\r\nelectronic vignettes, and allow customers to pay gas utility bills (INA is also a natural gas provider in Croatia).\r\nThe INA Group, which is part of the MOL Group and lists the Croatian government as its biggest shareholder,\r\npublicly disclosed the incident over the weekend and apologized to customers.\r\nA company spokesperson did not return emails or phone calls for additional details.\r\nIn a message posted on its website, the company said it was working to restore all systems, however, its services\r\nwere still down today.\r\nhttps://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/\r\nPage 1 of 2\n\nSuspected CLOP ransomware attack\r\nA source familiar with the incident has told ZDNet this week that the ransomware incident has been caused by an\r\ninfection with the CLOP ransomware strain.\r\nWhile we couldn't get INA to confirm, open-source reporting supports our source's tip. For example, hours before\r\nINA reported being infected, a Sophos malware analyst reported a new malware command-and-control server\r\ngoing live and being involved in CLOP-related operations.\r\nFurthermore, this week, security researchers have also spotted new versions of the CLOP ransomware on\r\nVirusTotal, an aggregated malware scanning service [1, 2, 3].\r\nThe use of the CLOP ransomware in the attack against INA also fits the bill when it comes to CLOP's regular\r\nmodus operandi.\r\nAccording to BleepingComputer, a tech news site specialized in ransomware news and research, the operators of\r\nthe CLOP ransomware switched tactics in March 2019 from targeting end-users to targeting companies.\r\nThe CLOP gang is now what security researchers call \"big-game ransomware,\" which is a term referring to\r\ncriminal groups that specifically target companies to infect their networks, encrypt data, and ask for extremely\r\nlarge ransom demands.\r\nThanks for the suggestions, here is my current list of ransomware groups targeting large\r\nenterprises. I know i'm missing some, but i think we can agree if all these disappeared the\r\nworld would be a better place. They aren't in a particular order but I did need to put Ryuk\r\nfirst. pic.twitter.com/hpiXt4UEKb\r\n— PeterM (@AltShiftPrtScn) February 7, 2020\r\nSource: https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/\r\nhttps://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/" ], "report_names": [ "croatias-largest-petrol-station-chain-impacted-by-cyber-attack" ], "threat_actors": [], "ts_created_at": 1775434916, "ts_updated_at": 1775791279, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ff2a90cb24103f5301e23609ce07aded988433fe.pdf", "text": "https://archive.orkl.eu/ff2a90cb24103f5301e23609ce07aded988433fe.txt", "img": "https://archive.orkl.eu/ff2a90cb24103f5301e23609ce07aded988433fe.jpg" } }