Pakistan Petroleum Limited (PPL), a major producer of oil and gas in the country, was hit by the Blue Locker ransomware that targeted parts of its IT infrastructure, impacting the company's IT systems and financial operations.
Like other ransomware, Blue Locker encrypts the files of impacted organisations and demands a ransom in exchange for a decryption key. Blue Locker can be recognised by the extension .blue that it appends to the filenames of encrypted data.
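As an added defender-side example (not code from the original article or from any of the organisations it mentions), the script below scans a directory tree for files carrying the .blue extension described above and confirms, via a Shannon-entropy check, that their contents look encrypted rather than merely renamed. The sample files, the 4 KiB sampling window and the 7.0 bits/byte threshold are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the article reports Blue Locker appending to encrypted files.
BLUE_LOCKER_EXT = ".blue"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; properly encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root, ext=BLUE_LOCKER_EXT, min_entropy=7.0):
    """Return (suspect_paths, total_files) for files under root whose name
    ends in `ext` AND whose first 4 KiB look encrypted (high entropy).
    The entropy gate avoids flagging a plain-text file someone merely renamed."""
    suspects, total = [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        total += 1
        if path.suffix.lower() != ext:
            continue
        if shannon_entropy(path.read_bytes()[:4096]) >= min_entropy:
            suspects.append(str(path))
    return suspects, total


def build_sample_tree(root):
    """Constructed sample data: one untouched document, two '.blue' files with
    random (encrypted-looking) contents, and one '.blue' file that is plain text."""
    root = Path(root)
    (root / "report.docx").write_bytes(b"Quarterly production figures " * 50)
    (root / "notes.txt.blue").write_bytes(os.urandom(4096))
    (root / "contract.pdf.blue").write_bytes(os.urandom(4096))
    (root / "README.blue").write_bytes(b"not actually encrypted " * 100)
    return root


def demo_scan():
    """Run the scan over the constructed tree; returns (suspect_count, total)."""
    with tempfile.TemporaryDirectory() as tmp:
        found, total = scan_tree(build_sample_tree(tmp))
    return len(found), total


if __name__ == "__main__":
    print("suspect .blue files / total files:", demo_scan())
```

On a real host the same check can be pointed at file shares or user profiles; a sudden count of high-entropy .blue files is a strong indicator that encryption is already under way.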
In an advisory published on its website, PPL described how it had detected that ransomware had targeted parts of its IT infrastructure on 6th August.
The company said that it had received a ransom demand from the Blue Locker Group, which read in part:
Your computers and servers are encrypted, backups are deleted from your network and copied. We have stolen some of your business data and employee information, including but not limited to TMC Data (Sui, Adhi, etc.) and contracts… If you don't contact us with a quote, we will report the hack to mainstream media and release your data to social media and competitors.
The hackers reportedly encrypted the energy company's servers and blocked access to its backups.
PPL said that it had informed regulators about the incident, and that it had a team working diligently to restore systems to their full functionality in a "secure and phased manner".
A spokesperson for Pakistan's National Cyber Emergency Response Team (NCERT) told Arab News that Pakistan Petroleum had been "impacted severely" and that other organisations in the country have been affected by the Blue Locker ransomware.
NCERT's response to the incident has been to issue a "high alert advisory" to 39 of the country's key ministries and institutions warning of the threat posed by Blue Locker.
Organisations have been warned that there are a variety of vectors by which the Blue Locker ransomware can be distributed, and advised that following safe computing practices is key to hardening their defences against attack.
Although the latest victims of Blue Locker targeting critical infrastructure are based in Pakistan, there is no reason to believe that those responsible won't aim their sights at key organisations and industry sectors in other parts of the world.
It is widely considered likely that those responsible for the current wave of attacks are backed by a nation state, and that the attacks are being conducted perhaps as much (or more) for geopolitical reasons than financial.
For this reason, all organisations – and in particular those considered critical national infrastructure – would be wise to take the threat of cyberattack seriously.
On 1st October, Exponential-e will be hosting an event entitled "Transforming our nation's critical services through cyber secured engineering" at The Shard in London.
The event is tailored exclusively for operators of essential services, and presents a unique opportunity for organisations to share experiences, and learn how to better secure how the UK's mission-critical services are delivered.
Places are strictly limited, so register now to avoid disappointment.