Critical infrastructure organisations are once again being warned of the threat posed by malicious cybercriminals, following a ransomware attack against a state-owned energy company in Pakistan.
Pakistan Petroleum Limited (PPL), a major producer of oil and gas in the country, was hit by the Blue Locker ransomware that targeted parts of its IT infrastructure, impacting the company’s IT systems and financial operations.
Like other ransomware, Blue Locker encrypts the files of impacted organisations, and demands that a ransom be paid in exchange for a decryption key. Specifically, Blue Locker can be recognised by its trait of appending the extension .blue to the filenames of encrypted data.
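The .blue extension is the one observable trait the article gives, so a defender can use it as a simple triage signal: a directory where most files suddenly carry that suffix is worth isolating and investigating. The following Python is an added example written for this post (not code from PPL, NCERT or the article); the directory layout and file names are constructed, and the 50 % threshold is an assumed tuning value.

```python
import os
from collections import defaultdict

# Extension the article says Blue Locker appends to encrypted files.
RANSOM_EXT = ".blue"

# Constructed sample listing, not real victim data: one share with mostly
# encrypted files, one untouched home directory, and a decoy ".blueprint".
SAMPLE_PATHS = [
    "/srv/finance/ledger.xlsx.blue",
    "/srv/finance/invoices.pdf.blue",
    "/srv/finance/contracts.docx.blue",
    "/srv/finance/readme.txt",
    "/home/ops/notes.txt",
    "/home/ops/design.blueprint",
]


def scan_paths(paths, threshold=0.5):
    """Group file paths by directory and flag directories where the share of
    files ending in RANSOM_EXT meets `threshold` (assumed default 0.5).
    Returns {directory: (encrypted_count, total_count, original_names)} so an
    analyst also gets the pre-encryption file names for scoping the impact."""
    per_dir = defaultdict(lambda: [0, 0, []])
    for path in paths:
        directory = os.path.dirname(path) or "."
        entry = per_dir[directory]
        entry[1] += 1
        # Case-insensitive suffix match; ".blueprint" must not count.
        if path.lower().endswith(RANSOM_EXT):
            entry[0] += 1
            entry[2].append(os.path.basename(path)[:-len(RANSOM_EXT)])
    return {
        d: (hit, total, originals)
        for d, (hit, total, originals) in per_dir.items()
        if total and hit / total >= threshold
    }


def scan_tree(root, threshold=0.5):
    """Walk a real directory tree and apply scan_paths to every file found."""
    found = [os.path.join(dirpath, name)
             for dirpath, _, names in os.walk(root) for name in names]
    return scan_paths(found, threshold)


if __name__ == "__main__":
    for directory, (hit, total, originals) in scan_paths(SAMPLE_PATHS).items():
        print(f"{directory}: {hit}/{total} files end in {RANSOM_EXT}; originals: {originals}")
```

On a live host, run `scan_tree("/srv")` from a read-only triage session rather than the sample list, and treat any flagged directory as evidence to preserve, not clean up.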
In an advisory published on its website, PPL described how it had detected that ransomware had targeted parts of its IT infrastructure on 6th August.
The company said that it had received a ransom demand from the Blue Locker Group, which read in part:
Your computers and servers are encrypted, backups are deleted from your network and copied. We have stolen some of your business data and employee information, including but not limited to TMC Data (Sui, Adhi, etc.) and contracts… If you don’t contact us with a quote, we will report the hack to mainstream media and release your data to social media and competitors.
The hackers reportedly encrypted the energy company’s servers and blocked access to its backups.
PPL said that it had informed regulators about the incident, and that it had a team working diligently to restore systems to their full functionality in a “secure and phased manner”.
A spokesperson for Pakistan’s National Cyber Emergency Response Team (NCERT) told Arab News that Pakistan Petroleum had been “impacted severely” and that other organisations in the country have been affected by the Blue Locker ransomware.
NCERT’s response to the incident has been to issue a “high alert advisory” to 39 of the country’s key ministries and institutions warning of the threat posed by Blue Locker.
Organisations have been warned that there are a variety of vectors by which the Blue Locker ransomware can be distributed, and advised that following safe computing practices is key to hardening defences against attack.
Although the latest victims of Blue Locker targeting critical infrastructure are based in Pakistan, there is no reason to believe that those responsible won’t aim their sights at key organisations and industry sectors in other parts of the world.
It is widely considered likely that those responsible for the current wave of attacks are backed by a nation state, and that the attacks are being conducted perhaps as much (or more) for geopolitical reasons than financial.
For this reason, all organisations – and in particular those considered critical national infrastructure – would be wise to take the threat of cyberattack seriously.
About the author
Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He has been a well-known figure in the cybersecurity industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows.
Since then he has been employed in senior roles by computer security companies such as Sophos and McAfee.
Graham Cluley has given talks about cybersecurity for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.
Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in internet security.