Greek gas operator refuses to negotiate with ransomware group after attack
Greece’s national natural gas operator DESFA confirmed this weekend that it was hit with a cyberattack but said it will not negotiate with the people behind the incident.
DESFA is in charge of managing, exploiting, developing, and operating Greece's natural gas system.
The Ragnar Locker ransomware group added the organization to its leak site on Friday, writing that no one had responded to its demands.
DESFA, the national natural gas transmission system operator in has been ransomed by ragnar locker.
— Michalis Michalos (@Cyb3rMik3) August 20, 2022
A few screenshots and a file tree are available at RL onion site. Relevant post indicates they are in negotiation phase.#Ransomware https://t.co/1640mdWhim pic.twitter.com/KTsHYQkhqB
On Saturday, DESFA confirmed that its IT infrastructure was hit with a cyberattack and that it had a “confirmed impact on the availability of some systems and possible leakage of a number of directories and files.”
“We have managed to ensure and continue the operation of the National Natural Gas System (NNGS) in a safe and reliable way. The management of the NNGS continues to operate smoothly and DESFA continues to supply natural gas to all entry and exit points of the country safely and adequately,” the company said in a statement.
“DESFA remains firm in its position not to negotiate with cybercriminals.”
The root cause of the attack is being investigated, and the organization has hired technical experts to help with the response and recovery.
DESFA deactivated most of its IT services after the attack was discovered and is slowly turning everything back on. The company did not respond to requests for comment on Monday.
Greek law enforcement agencies as well as the Ministry of Digital Governance and Hellenic Data Protection Authority have been notified of the attack.
In March, Greece’s national postal service ELTA struggled to recover from a ransomware attack that forced it to suspend the commercial information systems of all 1,400 post offices for days.
There has been increased concern among government officials and experts about ransomware groups targeting the operational networks of critical infrastructure organizations across the world.
Nearly 40% of all ransomware attacks on industrial organizations and infrastructure in the second quarter of 2022 took place in Europe, according to a recent Dragos report.
Last week, South Staffordshire PLC, the supplier of water to about 1.6 million people in the South Staffordshire and Cambridge regions in the U.K., was attacked by a ransomware group.
For the third quarter of 2022, Dragos said it expected ransomware groups to continue targeting industrial operations, either “through the integration of OT [operational technology] kill processes into ransomware strains, flattened networks allowing for ransomware to spread into OT environments, or through precautionary shutdowns of OT environments by operators to prevent ransomware from spreading to OT systems.”
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.