Customers have been unable to access the online services since Tuesday, according to a report published by BleepingComputer — a resource site that covers ransomware attacks globally.
The power distributor is apparently trying to reroute users through a staging site. But they are facing difficulties.
A local Pakistani security company had tipped off ransomeware researcher, Ransom Leaks, that this attack was impacting KE’s internal services, the report said.
The cyberattack occurred on the morning of September 7, according to information security company Rewterz. However, it’s only disrupting KE’s online billing services and not the supply of power.
Netwalker demanding $3.8m ransom
BleepingComputer said it learned from cybersecurity sources that the power utility was attacked by the Netwalker ransomware.
The ransomware operators have demanded the KE $3,850,000 in ransom, it said. They have warned that if the amount is not paid within another seven days, then the ransom will be increased to $7.7 million.
An independent source with inside information confirmed this was a Netwalker ransomware attack and shared documentary evidence with Samaa Money. The source declined to be identified because of professional reasons.
The Tor payment page BleepingComputer said it had seen included a ‘Stolen data’ page. It states the Netwalker operator stole unencrypted files from K-Electric prior to the attack. However, the page does not reveal how much or what data was stolen.
Netwalker has been actively infecting its targets since 2019, according to the report. The threat actors began recruiting skilled hackers and focusing entirely on enterprise networks in March this year. This change in tactics has reportedly led to the ransomware gang earning $25 million in just five months.
Some recent Netwalker attacks targetted Argentina’s immigration offices, US government agencies, and the University of California San Francisco (UCSF), who paid a $1.14 million ransom.
KE denies ransomware attack, says all critical customer services ‘fully functional’
K-Electric said it did not receive any ransom demand but admitted it experienced a cyber-incident earlier this week. It said all its critical customer services, including bill payment solutions and 118 call centre, were “operational and fully functional”.
“To ensure the integrity of our systems, as a precautionary measure, we have isolated few non-critical services,” it said in a statement. “As such customers may experience some disruption in accessing duplicate bills from the KE website. As an alternate, duplicate bills may be availed from the nearest K-Electric Customer Care Centre.”
The power utility said its teams had initiated consultation with international information security experts and were collaborating with local authorities too.
It regretted any inconvenience caused to customers as it has been following cyber-security protocols.