Edition Bleeping computer reports that this week K-Electric, an electricity supplier in the Pakistani city of Karachi, was attacked by the ransomware Netwalker, disrupting billing and several other online services.
K-Electric is one of the largest electricity suppliers in Pakistan, serving 2.5 million customers and over 10,000 employees.
On September 7, 2020, the company's customers found that they could not access online services for their accounts. In an attempt to solve this problem, K-Electric specialists redirected users to a staging site, but at the present time there are difficulties in its operation.
An information security researcher known by the pseudonym Ransom Leaks, who told the publication about the incident, reports that, according to a local Pakistani information security company, this attack affected K-Electric's internal services, but did not affect the supply of electricity.
BeepingComputer also cites its own anonymous sources in the information security community, which claim that K-Electric has become a victim of the Netwalker ransomware. For example, journalists cite screenshots of the cybercriminals' Tor payment site, where ransomware operators demand from K-Electric representatives $ 3,850,000 in cryptocurrency ransom. If the ransom is not paid within the next week, the attackers promise to increase the amount to $ 7.7 million.
In addition, this hacker site also has a link to the Stolen data page, where Netwalker operators claim to have stolen some files from K-Electric before carrying out the attack. It is not yet known exactly what information and to what extent the attackers could have stolen, but the hackers threaten to disclose the files in 20 days if the company does not pay.
The NetWalker ransomware was first detected in August 2019. It was originally named Mailto, but later the researchers renamed it NetWalker.
The malware works according to the RaaS (ransomware-as-a-service) model: attackers register on a special portal and are tested, after which they can create their own versions of the ransomware.
American law enforcement and information security experts note that in recent months the group's activity has increased significantly. Currently, the most famous victim of NetWalker is Michigan State University, infected by the ransomware at the end of May this year.
According to McAfee experts, NetWalker can be compared to Ryuk or REvil in terms of "profitability", since since March 2020, the ransomware has brought its operators about $ 25,000,000.