Hacking

Netwalker ransomware operators leaked files stolen from K-Electric

K-Electric, Pakistan’s largest private power company, did not pay the ransom and the Netwalker ransomware operators have leaked the stolen data.

In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services.

K-Electric is the largest power supplier in the country with 2.5 million customers and around 10,000 people.

Starting on September 7, the customers of the company were not able to access the services for their accounts. The good news is that the power supply has not been affected. In response to the incident, K-Electric is attempting to reroute users through a staging site, but the problems have yet to be solved.

The news of the incident was first reported by BleepingComputer which was informed by the ransomware researcher Ransom Leaks.

After being informed about this ransomware attack, security researchers confirmed that the Netwalker ransomware operators were behind the attack.

Netwalker ransomware operators are demanding the payment of $3,850,000 worth of Bitcoin. As usual, if the company will not pay the ransom within another seven days, the ransom will increase to $7.7 million.

Source BleepingComputer

The gang also claimed on the ‘Stolen data’ page of their Tor leak site that they have stolen unencrypted files from K-Electric before encrypting its systems. At the time it is not clear how many documents were stolen and which kind of information they contained.

News of the day is that Netwalker ransomware operators have released the victim’s data stolen during the attack, an 8.5 GB archive.

Researchers from cybersecurity firm Rewterz, who analyzed the content of the archive, told BleepingComputer that it contains some company’s sensitive information, including financial data, customer information, engineering reports, engineering diagrams for turbines, maintenance logs, and more.

Experts pointed out that threat actors had access to customer’s personal information that could be used to carry out multiple malicious activities.

Recently the Netwalker ransomware operators hit Argentina’s official immigration agency, Dirección Nacional de Migraciones, the attack caused the interruption of the border crossing into and out of the country for four hours.

Another victim of the group is the University of California San Francisco (UCSF), who decided to pay a $1.14 million ransom to recover its files.

Recently the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices.

The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations.

The FBI warns of a new wave of Netwalker ransomware attacks that began in June, the list of victims includes the UCSF School of Medicine and the Australian logistics giant Toll Group.

The Netwalker ransomware operators have been very active since March and also took advantage of the ongoing COVID-19 outbreak to target organizations.

Below the recommended mitigations provided by the FBI:

  • Back-up critical data offline.
  • Ensure copies of critical data are in the cloud or on an external hard drive or storage device.
  • Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.
  • Install and regularly update anti-virus or anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks.
  • Consider installing and using a VPN.
  • Use two-factor authentication with strong passwords.
  • Keep computers, devices, and applications patched and up-to-date.
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, K-Electric)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

11 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

17 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.