K-Electric, the company in charge of providing electricity to Karachi, Pakistan, faced a cyberattack this week. This attack involved NetWalker, for-hire ransomware, that rendered certain important services useless for some time.
Local sources suggest that the attack occurred on the morning of September 7, and it disrupted online billing services. K-Electric released a statement on Wednesday, September 9, which read that there might be technical difficulties in accessing duplicate electricity bills through the company’s website.
This ransomware attack stole unencrypted files from K-Electric’s database, allegedly through multiple company computers. The exact nature of the stolen data is not known, however, it is speculated to be personal details of consumers. Consumers who pay their bills online often have sensitive information revealed to the company, including details like names, addresses, CNIC, or NTN numbers. It is noteworthy that CNIC numbers are linked to a person’s financial details.
The hackers have asked for a ransom of $3.8m, and if that is not paid in the stipulated time, then it would go up to $7.7m. They made these demands on a Tor payments page, where they also included a ‘stolen data’ page to show all the files the hackers held.
Ransomware on the rise
The world is currently witnessing a wave of cyberattacks led by ransomware like NetWalker. Predominantly, the attacks involve malicious software being inserted into a corporation’s computers. The malware then leak sensitive data to the hackers, who then demand ransom in exchange for the stolen data.
American tech giant Tesla recently thwarted one such ransomware attack, thanks to the vigilance of its employees. However, some firms like Cygilant, a cybersecurity company, were not so successful in preventing cyberattacks.