Cyber Incident Victim: ERG

On August 3, 2021, Italian renewable energy group ERG experienced a ransomware attack targeting its information and communications technology (ICT) infrastructure. Media reports attributed the attack to the LockBit 2.0 ransomware operation, though ERG's official statement described it only as a "hacker attack." The LockBit group had launched its ransomware-as-a-service model in June 2021 after operating since September 2019. ERG confirmed the incident caused minor disruptions to ICT systems but emphasized these were being resolved through pre-existing cybersecurity protocols. The company maintained continuous operations across all energy production facilities, including wind, hydroelectric, solar, and thermoelectric cogeneration plants, with no operational downtime reported. This operational continuity occurred despite the attack coinciding with ERG's €1 billion hydroelectric asset sale to Enel, Europe's largest utility company, finalized earlier that week.

The attack impacted ERG's European operations spanning Italy, France, Germany, Poland, Romania, Bulgaria, and the United Kingdom, where it ranked among the continent's top ten onshore wind operators. While ERG did not disclose specific containment measures, it credited internal cybersecurity procedures for mitigating damage and restoring systems. Concurrently, Italy's Lazio region suffered a separate RansomEXX ransomware attack that crippled regional IT infrastructure, including COVID-19 vaccine registration systems, though this incident was unrelated to ERG's breach. Both attacks highlighted heightened cyber threats to Italy's critical infrastructure sectors during summer 2021. ERG's public communications focused on minimizing reputational impact by stressing unaffected plant operations and resolved ICT issues, without confirming data theft or ransom demands. The company's wind farms and other generation assets continued supplying energy throughout the incident.