An electric supply company based in Karachi, Pakistan suffered a Netwalker ransomware infection that disrupted its billing and online services.
learned of the attack through Ransom Leaks, a ransomware researcher who received word from a local Pakistani company that the attack was affecting K-Electric's internal services.
According to Rewterz, the Netwalker attack began on September 7 and affected utility supplier K-Electric's online billing services. It was on that day when customers began reporting that they were having issues accessing their accounts for the company.
A screenshot of the error screen that some K-Electric customers saw when they attempted to access their accounts on September 7. (Source: Bleeping Computer)
Per Bleeping Computer's reporting, K-Electric was in the process of trying to re-route its customers through a staging site so that they could access their accounts while it worked to respond to the attack.
The infection had not affected the ability of the company to supply power to its estimated 2.5 million customer base at the time of writing, as noted by Rewterz.
It was a busy summer for Netwalker. At the end of July, the FBI released a flash alert
in which it warned that the Netwalker gang was actively targeting U.S. and foreign government organizations along with entities operating in the healthcare and education sectors.
About a month later
, Bleeping Computer reported that Dirección Nacional de Migraciones, Argentina's official immigration agency, had suffered an infection at the hands of the same group. That attack had temporarily disrupted the entity's ability to process traffic at Argentina's border.
This attack highlights the need for organizations to defend themselves against ransomware such as Netwalker. They can use this resource
to learn more about how the Netwalker ransomware family operates in particular. This intelligence can inform the efforts to prevent a ransomware infection from happening in the first place