K-Electric, Pakistan’s largest power supplier, has been hit by a ransomware attack that disrupted multiple online services, including customer billing.
The attack on the morning of September 7 left customers unable to access various services for their online accounts. Luckily, power delivery services were not affected.
Netwalker ransomware operators have given the company a seven-day deadline to pay a ransom of $3.85 million in Bitcoin and threatened to double the amount if their demands are not met.
The ransomware gang also claimed to have stolen data from K-Electric. However, the company did not provide information regarding the type of data stolen.
As of today, K-Electric added a cyber-attack notice on its website, updating customers regarding online services usage.
“While all critical customer services, including bill payment solutions and 118 call-centre are operational and fully functional, to ensure the integrity of our systems, as a precautionary measure, we have isolated few non-critical services,” the notification reads.
“As such, customers may experience some disruption in accessing duplicate bills from the KE website. As an alternate, duplicate bills may bee availed from the nearest K-Electric Customer Care Centre. The KE teams have initiated consultation with international information security experts and are also collaborating with local authorities in this regard. Any inconvenience to customers is regretted as the power utility is following cyber security protocols.”
Recent victims of the ransomware gang include Argentina’s immigration Offices and the University of California San Francisco (UCSF), which admitted to paying over $1 million to decrypt its data.