Threat Watch

Pakistan’s Largest Private Power Company Hit With Netwalker Ransomware

Netwalker: Karachi, Pakistan’s sole electric power provider, K-Electric, suffered a ransomware attack from the Netwalker threat group. Currently, the only systems being impacted by the outage are online billing and account management services. The outage began impacting K-Electric on Monday, and so far, does not appear to be spreading. The company has attempted to set up a backup portal but have encountered difficulties with that as well. Netwalker has requested a ransom payment of $3.85 million USD to unlock K-Electric’s systems. If not paid within seven days, the price will increase to $7.7 million. Even though this news has already become public, Netwalker does not have the information set to become public on their website until the beginning of next week. Access to the stolen data will become publicly available on the Netwalker site in just under three weeks from now. 

ANALYST NOTES

Whether Netwalker was able to gain further access into K-Electric’s systems or not is unknown. It would likely not serve Netwalker very well to cut access to utilities in any area of the world though, even if they could. Cutting access to utilities is a line that few ransomware operators would likely be willing to cross as it would only serve to ensure that every available asset of nearly every law enforcement agency in the world would be focused on them. Disrupting utilities in any nation would be viewed as either a terrorist action or an act of war, depending on the group behind the attack. Not only is it important to ensure proper backups are made to aid in recovery, but to have contingency plans in place to maintain operations while restoring systems. Having plans in place are not enough if those plans are not practiced and tested to ensure they are fully operational. More information on this topic can be found at: https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/