Engie: a cyberattack claimed by a ransomware group
The hacker group Coinbasecartel claims to have carried out a cyberattack against Engie, the French energy giant active in electricity, gas and
- Victim: Engie
Incidents in sector:
RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.
Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data, including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.
One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.
A reused VPN password let DarkSide encrypt Colonial Pipeline's billing systems. The operator shut down 5,500 miles of fuel pipeline for six days, paid $4.4M, and triggered a federal emergency.
DoppelPaymer ransomware paralysed corporate IT systems at Mexican state oil company Pemex, freezing payments and communications for weeks. Attackers demanded 565 BTC (~$5M). Pemex refused to pay; total recovery cost reached approximately $71 million.
Aluminium producer Norsk Hydro lost most of its global IT estate to the LockerGoga ransomware. Hydro publicly refused to pay, ran operations on paper for weeks, and set the editorial standard for transparent incident communication.
The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.
Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.
U.S. and Israeli intelligence services jointly developed and deployed Stuxnet, the first widely-known cyber weapon to cause physical damage. The worm targeted Iran's Natanz uranium enrichment facility and destroyed approximately 1,000 IR-1 centrifuges over 2009–2010.