Crypto ransomware attacks are becoming quite frequent: 2020 alone has seen several large-scale attacks, with hackers getting away with billions of dollars’ worth of crypto funds, mainly Bitcoin. The latest attack has targeted the billing system of Pakistan’s largest electricity producer.
According to a report from cybersecurity firm Bleeping Computer, K-Electric, the largest electricity producer in Pakistan and the only provider in the city of Karachi, was hit by a ransomware attack that disabled the institution’s entire billing system, and the attackers are demanding a ransom of $7 million in Bitcoin.
The electricity provider has more than 2.5 million customers in the nation, and the ransomware was first discovered on September 7 by K-Electric engineers. The firm faced a disruption in billing services, but the electricity supply wasn’t affected by the attack.
The attackers deployed the “NetWalker” ransomware to cripple the system. This malware is quite popular among sophisticated hacking groups and first surfaced in 2019, infecting applications running on Microsoft Windows, such as Office, Word, and Excel.
The malware encrypts all data on the victim’s system, and the victim must pay the attackers a ransom to gain access to the decryption keys.
The same has been the case with K-Electric: the hackers have demanded a $3.8 million ransom, to be paid in Bitcoin via the anonymous browser Tor. They further added that failure to complete payment by September 15 would see the ransom price double to $7.7 million worth of Bitcoin.
The attackers also stated in their message that some unencrypted files were stolen from K-Electric before the ransomware was deployed, but they shared no details about which type of data was compromised or how many files were stolen.
On this matter, K-Electric said in a statement:
“The KE teams have initiated consultation with international information security experts and are also collaborating with local authorities in this regard.”
The report comes just days after Chilean bank BancoEstado had to shut down all its branches after its network was infected by the REvil ransomware, another dangerous malware. The bank managed to stop the attackers from encrypting the majority of the files by segmenting the network.