Greek gas operator refuses to negotiate with ransomware group after attack
Jonathan Greig August 22, 2022

Greek gas operator refuses to negotiate with ransomware group after attack

Greek gas operator refuses to negotiate with ransomware group after attack

Greece’s national natural gas operator DESFA confirmed this weekend that it was hit with a cyberattack but said it will not negotiate with the people behind the incident.

DESFA is in charge of managing, exploiting, developing, and operating Greece’s natural gas system. 

The Ragnar Locker ransomware group added the organization to its leak site on Friday, writing that no one had responded to its demands.

On Saturday, DESFA confirmed that its IT infrastructure was hit with a cyberattack and that it had a “confirmed impact on the availability of some systems and possible leakage of a number of directories and files.”

“We have managed to ensure and continue the operation of the National Natural Gas System (NNGS) in a safe and reliable way. The management of the NNGS continues to operate smoothly and DESFA continues to supply natural gas to all entry and exit points of the country safely and adequately,” the company said in a statement. 

“DESFA remains firm in its position not to negotiate with cybercriminals.”

The root cause of the attack is being investigated, and the organization has hired technical experts to help with the response and recovery. 

DESFA deactivated most of its IT services after the attack was discovered and is slowly turning everything back on. The company did not respond to requests for comment on Monday. 

Greek law enforcement agencies as well as the Ministry of Digital Governance and Hellenic Data Protection Authority have been notified of the attack.

In March, Greece’s national postal service ELTA struggled to recover from a ransomware attack that forced it to suspend the commercial information systems of all 1,400 post offices for days.

There has been increased concern among government officials and experts about ransomware groups targeting the operational networks of critical infrastructure organizations across the world. 

Nearly 40% of all ransomware attacks on industrial organizations and infrastructure in the second quarter of 2022 took place in Europe, according to a recent Dragos report

Last week, South Staffordshire PLC, the supplier of water to about 1.6 million people in the South Staffordshire and Cambridge regions in the U.K., was attacked by a ransomware group

For the third quarter of 2022, Dragos said it expected ransomware groups to continue targeting industrial operations, either “through the integration of OT [operational technology] kill processes into ransomware strains, flattened networks allowing for ransomware to spread into OT environments, or through precautionary shutdowns of OT environments by operators to prevent ransomware from spreading to OT systems.”

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.