2 min read

Greek Natural Gas Supplier DESFA Hacked by Ragnar Locker Ransomware Crew

Filip TRUȚĂ

August 23, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Greek Natural Gas Supplier DESFA Hacked by Ragnar Locker Ransomware Crew

DESFA, one of Greece’s major natural gas operators, has suffered a breach at the hand of a ransomware gang.

DESFA is a natural gas transmission system operator established in 2007 as a subsidiary of DEPA, the natural gas supplier of Greece. In addition to the transmission system, DESFA operates Greece's gas distribution networks, and the Revithoussa LNG Terminal, which regasifies the liquefied natural gas shipped in by tankers.

Over the weekend, the company issued a statement saying, “DESFA suffered a cyberattack on part of its IT infrastructure by cybercriminals that have tried to gain illegal access to electronic data, with a confirmed impact on the availability of some systems and possible leakage of a number of directories and files.”

Gas supply remains unaffected in all entry and exit points of the country, according to the press release.

DESFA has enlisted the help of IT experts to investigate the cause of the attack and to restore affected systems as soon as possible.

“To protect our customers and partners we proactively deactivated most of our IT services and we are now gradually recovering our IT systems back to normal operation,” reads the statement.

As required by data protection laws, the natural gas operator has informed all relevant authorities and organizations to resolve the issue and minimize any impact.

The statement ends with the company adding that “DESFA remains firm in its position not to negotiate with cybercriminals,” which points to a ransomware operation.

Indeed, the Ragnar Locker ransomware crew has reportedly taken responsibility for the attack. According to a screenshot published by Bleeping Computer, the threat actors say DESFA’s security has “serious vulnerabilities” and that they’ve informed DESFA of these shortcomings, with no response yet from the natural gas supplier.

The hackers are threatening to publish files stolen in the attack if DESFA doesn’t cooperate – i.e. pay ransom. It’s unclear what type of data was exfiltrated by Ragnar Locker in the attack. The extortion demands are also unclear at this point.

First discovered in April 2020, Ragnar Locker threat actors use the well known ‘double extortion’ tactic where the attackers first copy the victim’s sensitive data (for later extortion), then encrypt data on the victim’s end to freeze their operations.

Ragnar Locker threat actors sometimes use a specially designed virtual machine image during the payload execution stage in order to thwart anti-malware solutions.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142 Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142
Vlad CONSTANTINESCU

November 25, 2022

1 min read
975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud 975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud
Filip TRUȚĂ

November 25, 2022

2 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read