It has been reported that K-Electric, Pakistan’s largest private power utility, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric serves 2.5 million customers and employs over 10 thousand people.
The #cyberattack has affected KE's Windows computers and backups, and hacked encrypted data is no longer usable 🇵🇰
➡️ https://t.co/HVgDFui66h #ransomware #cybersecurity w./ @brecordernews
— Stormshield (@Stormshield) September 9, 2020
While details surrounding how K-Electric’s network was compromised with the Netwalker ransomware are scarce, this attack is a perfect example of recent ransomware trends. Netwalker attacks are known to target victims using phishing emails disguised as COVID-19 updates from their organization, taking advantage of the heightened fears and anxieties that come with the current pandemic. Netwalker attacks also up the traditional ransomware ante, by threatening to publish stolen data online if the ransom isn’t paid. This means simply reaching for a backup isn’t sufficient if sensitive data has been stolen that could compromise customers, employees, or partners, and could also damage an organization’s reputation and public trust. Finally, Netwalker operates as a ransomware-as-a-service (RaaS), meaning the ransomware software is sold to other users who can customize it as they please. This results in many variants of Netwalker floating around that have different goals and attack techniques.
As ransomware evolves and more frequently targets the enterprise, organizations need to take care to keep security solutions updated, keep cold backups outside of the network, make sure all workstations and servers are running the latest OS and software patches, and try to reduce attack surfaces in general. Gone are the days of simply running antivirus software for proper protection; organizations need to know where all sensitive data is located, lock down access to that data, and constantly monitor the network with real-time threat detection and response solutions.
The attack against K-Electric once again highlights a concerning trend we continue to see. Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organisations, and they are now often using a two-pronged approach that combines data encryption with data theft, making it difficult for the victim to avoid paying up. Fortunately in this case it appears K-Electric’s operational networks were not impacted.
When it comes to ransomware, prevention is always better than cure, and this involves organisations deploying tools that will help them immediately identify when something ambiguous is happening within the infrastructure. Applying artificial intelligence and machine learning for real-time detection and response, organisations can monitor for malware to rapidly discover and act to remove malicious code before harm is done.