The Ragnar Locker ransomware gang has claimed responsibility for an attack on Greece’s national gas system operator (DESFA).
DESFA is responsible for the operation, management, exploitation, and development of the National Natural Gas System and its interconnections
DESFA said it “remains steadfast in its position not to engage with cybercriminals”, suggesting any ransom demand has not been paid.
Data leaked from cyberattack
DESFA said the perpetrators of the attack broke into its systems to gain access to files, and that the incident had had a “confirmed impact on the availability of certain systems”, with some data having been leaked.
It said that it had disabled “most of its IT systems” as part of efforts to contain the breach, but that supply of natural gas had not been affected.
“We have mobilized teams of technical and specialist experts to assist us in this matter and to get the systems back up and running as soon as possible,” the DESFA statement said.
The company is working with Greece’s digital ministry, its data protection office, and local police to try and get to the bottom of the breach.
Ragnar Locker attacks compromised corporate networks
Ragnar Locker is a form of malware that particularly targets machines operating on Windows.
First discovered in late 2019, this ransomware was devised as a way of attacking compromised corporate networks.
Cybercriminals looking to deploy Ragnar Locker ransomware first compromise their target’s network, then attempt to crack weak passwords or employ stolen credentials. Once they are inside the target network, the attackers inject malicious software (malware) into the victim’s machines which grabs sensitive data and uploads it via a network connection to their servers.
The attackers then inform their victims that their files will be released to the public unless a ransom is paid.
The FBI determined that operators behind Ragnar Locker avoided certain countries, most notably Russia. Before Russian law enforcement action earlier this year against another ransomware group, REvil, dark web chatter revealed that actors felt safe operating in Russia.
The attack comes at a critical point in time
It is worth noting that the cyber attack comes at the point when gas suppliers in Europe are facing fuel supply shortages because of the cut-off of trade ties with Russia over fuel supply.
