article featured image


Last weekend, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage.”

What Happened?

According to a public statement made by the natural gas distributor, the threat actors tried to breach its system, but the swift actions of its IT team stopped them.

Although the network breach was short, the attackers managed to access and possibly leak some documents and private data.

Protection Measures

In order to protect the information of its customers, DESFA shut down most of its online services. Nevertheless, as specialists strive to carefully restore the deactivated services, they will slowly resume regular operations.

The gas distributor tells its customers that there won’t be any repercussions on the gas supply as a result of the cyberattack, and that all input and output points are operating at their full capacity.

As per DESFA, the organization has notified the police’s cybercrime department, the national data protection office, the national defense department, and the ministry of energy and environment to assist in resolving the situation as quickly as possible.

The ransom negotiation part is out of the question as DESFA has made it clear that it will never communicate with cybercriminals.

Who’s Responsible for the Attack?

The attack was confirmed following the data leak on the Ragnar Locker ransomware gang website. Ragnar Locker made its debut more than two years ago and, in 2021, has had many high-profile cyberattacks.

Even though its volume has decreased compared to previous years, Ragnar Locker is still operational in 2022. According to the Federal Bureau of Investigation (FBI) in the United States, at least 52 businesses from various critical infrastructure sectors in the United States have been infected by the Ragnar Locker ransomware group starting January 2022.

The attackers published on their extortion website a list of purportedly stolen information along with a small collection of stolen documents that don’t seem to contain any confidential data.

Additionally, the ransomware group claims to have discovered numerous security flaws in DESFA’s systems and notified the natural gas company, probably as part of their extortion scheme. The threat actors didn’t receive a response from DESFA.

If the affected company doesn’t comply with their requests, the cybercriminals threaten to expose every file associated with the file tree.

DESFA listed on the Ragnar Locker extortion page


This incident takes place at a difficult time for European gas distributors as all of the countries in Europe chose to stop depending on Russian natural gas, which, of course, led to serious issues.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *