DESFA logo over gas pipelines

Greece’s largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack.

In a public statement shared with local news outlets on Saturday, DESFA explained that hackers attempted to infiltrate its network but were thwarted by the quick response of its IT team.

However, some files and data were accessed and possibly “leaked,” so there was a network intrusion, even if limited.

DESFA deactivated many of its online services to protect client data. However, these services will gradually return to normal operations as experts work towards a careful restoration.

DESFA assures its consumers that this incident won’t impact the gas supply and that all input and output points operate at normal capacity.

The company states it has informed the police’s cybercrime department, the national data protection office, the national defense department, and the ministry of energy and environment to help resolve the matter at minimal time and consequence.

Finally, DESFA declares an unwavering stance against communicating with cyber criminals, so there will be no negotiation of a ransom payment.

Ragnar Locker claims responsibility

The confirmation of the attack comes after data was leaked on Friday by the Ragnar Locker ransomware operation, a threat actor that began operations over two years ago and has had numerous high-profile attacks in 2021.

Ragnar Locker remains active in 2022, even if its volumes have dropped compared to the past. A recent FBI report linked Ragnar Locker to 52 network intrusions in critical U.S. infrastructure entities as of January 2022.

The threat actors posted a list of allegedly stolen data on their data leak/extortion portal and a small set of stolen files that don’t appear to include classified information.

Moreover, Ragnar Locker says they’ve found multiple security vulnerabilities on DESFA’s systems and informed them of the fact, likely as part of their extortion attempt. However, the threat actors allegedly did not respond to them.

The ransomware actors threaten to publish all files corresponding to the file tree if the victimized organization doesn’t meet their demands.

DESFA listed on the Ragnar Locker extortion page
DESFA listed on the Ragnar Locker extortion page

This attack comes at a tough time for gas suppliers in Europe, as all countries in the continent decided to abruptly cut their dependence on Russian natural gas, which inevitably created problems.

The upcoming winter is expected to be plagued by shortages, power cuts, rationing, and soaring energy prices, leaving consumers even more vulnerable to ransomware attacks against gas suppliers.

Source: www.bleepingcomputer.com