2 min read

Greek Natural Gas Supplier DESFA Hacked by Ragnar Locker Ransomware Crew

Filip TRUȚĂ

August 23, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Greek Natural Gas Supplier DESFA Hacked by Ragnar Locker Ransomware Crew

DESFA, one of Greece’s major natural gas operators, has suffered a breach at the hand of a ransomware gang.

DESFA is a natural gas transmission system operator established in 2007 as a subsidiary of DEPA, the natural gas supplier of Greece. In addition to the transmission system, DESFA operates Greece's gas distribution networks, and the Revithoussa LNG Terminal, which regasifies the liquefied natural gas shipped in by tankers.

Over the weekend, the company issued a statement saying, “DESFA suffered a cyberattack on part of its IT infrastructure by cybercriminals that have tried to gain illegal access to electronic data, with a confirmed impact on the availability of some systems and possible leakage of a number of directories and files.”

Gas supply remains unaffected in all entry and exit points of the country, according to the press release.

DESFA has enlisted the help of IT experts to investigate the cause of the attack and to restore affected systems as soon as possible.

“To protect our customers and partners we proactively deactivated most of our IT services and we are now gradually recovering our IT systems back to normal operation,” reads the statement.

As required by data protection laws, the natural gas operator has informed all relevant authorities and organizations to resolve the issue and minimize any impact.

The statement ends with the company adding that “DESFA remains firm in its position not to negotiate with cybercriminals,” which points to a ransomware operation.

Indeed, the Ragnar Locker ransomware crew has reportedly taken responsibility for the attack. According to a screenshot published by Bleeping Computer, the threat actors say DESFA’s security has “serious vulnerabilities” and that they’ve informed DESFA of these shortcomings, with no response yet from the natural gas supplier.

The hackers are threatening to publish files stolen in the attack if DESFA doesn’t cooperate – i.e. pay ransom. It’s unclear what type of data was exfiltrated by Ragnar Locker in the attack. The extortion demands are also unclear at this point.

First discovered in April 2020, Ragnar Locker threat actors use the well known ‘double extortion’ tactic where the attackers first copy the victim’s sensitive data (for later extortion), then encrypt data on the victim’s end to freeze their operations.

Ragnar Locker threat actors sometimes use a specially designed virtual machine image during the payload execution stage in order to thwart anti-malware solutions.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Royal Ransomware Launches Attacks on US Healthcare Organizations, Government Warns Royal Ransomware Launches Attacks on US Healthcare Organizations, Government Warns
Vlad CONSTANTINESCU

December 09, 2022

2 min read
North Korean APT Group Exploits Internet Explorer Zero-Day Flaw, Google Warns North Korean APT Group Exploits Internet Explorer Zero-Day Flaw, Google Warns
Vlad CONSTANTINESCU

December 08, 2022

2 min read
Medibank Goes Offline to Rebuild Cyber Defenses in Wake of October Hack Medibank Goes Offline to Rebuild Cyber Defenses in Wake of October Hack
Filip TRUȚĂ

December 08, 2022

2 min read