Portuguese multinational energy giant Energias de Portugal (EDP) was targeted by the Ragnar Locker ransomware group after they encrypted the systems. The attackers asked for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy.

Russia’s Sandworm Unit Targets Poland’s Power Grid in Failed Cyberattack In a brazen escalation of cyber warfare, Russia’s elite Sandworm hacking unit linked to the GRU attempted to disrupt Poland’s energy infrastructure in late December. Security firm ESET uncovered destructive DynoWiper malware deployed against two Polish power plants and wind turbine networks on December 29–30, an attack that could have left 500,000 households without heat and electricity during winter. The assault targeted critical facilities and communication links between renewable energy installations and grid operators, aiming to cripple operations. While the attack failed, Polish Energy Minister Milosz Motyka confirmed it as the most severe cyber threat to the nation’s energy sector in years. Unlike ransomware, DynoWiper is designed for pure destruction, erasing data and rendering systems inoperable. ESET attributed the malware to Sandworm with "medium confidence", citing strong similarities to the group’s past operations, including the infamous 2015–2016 Ukraine blackouts. The incident underscores Russia’s continued use of cyber warfare to destabilize regional infrastructure, even as its tactics evolve.