Heimdal Security Blog

DESFA Suffers Cyberattack, Ragnar Locker Ransomware Claims Responsibility

Last weekend, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage.”

What Happened?

According to a public statement made by the natural gas distributor, the threat actors tried to breach its system, but the swift actions of its IT team stopped them.

Although the network breach was short, the attackers managed to access and possibly leak some documents and private data.

Protection Measures

To protect its customers' information, DESFA shut down most of its online services. These services will gradually return to regular operation as specialists carefully restore them.

The gas distributor tells its customers that there won’t be any repercussions on the gas supply as a result of the cyberattack, and that all input and output points are operating at their full capacity.

As per DESFA, the organization has notified the police’s cybercrime department, the national data protection office, the national defense department, and the ministry of energy and environment to assist in resolving the situation as quickly as possible.

Ransom negotiation is out of the question, as DESFA has made it clear that it will never communicate with cybercriminals.

Who’s Responsible for the Attack?

The attack was confirmed following the data leak on the Ragnar Locker ransomware gang's website. Ragnar Locker made its debut more than two years ago and carried out many high-profile cyberattacks in 2021.

Even though its volume has decreased compared to previous years, Ragnar Locker is still operational in 2022. According to the Federal Bureau of Investigation (FBI) in the United States, at least 52 businesses from various critical infrastructure sectors in the United States have been infected by the Ragnar Locker ransomware group starting January 2022.

The attackers published on their extortion website a list of purportedly stolen information along with a small collection of stolen documents that don’t seem to contain any confidential data.

Additionally, the ransomware group claims to have discovered numerous security flaws in DESFA’s systems and notified the natural gas company, probably as part of their extortion scheme. The threat actors didn’t receive a response from DESFA.

If the affected company doesn’t comply with their requests, the cybercriminals threaten to expose every file associated with the file tree.


This incident takes place at a difficult time for European gas distributors, as all of the countries in Europe chose to stop depending on Russian natural gas, which, of course, led to serious issues.