Security Experts:

Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier

The cybergang behind the Ragnar Locker ransomware has published more than 360 gigabytes of data allegedly stolen from Greece’s largest natural gas supplier Desfa.

Established in 2007 as a subsidiary of Depa (Public Gas Corporation of Greece), Desfa operates both the country’s natural gas transmission system and its gas distribution networks.

On Saturday, the company announced that it fell victim to a cyberattack that impacted the availability of some systems, and which also resulted in the leakage of data.

Desfa says it has proactively deactivated IT services to contain the incident, but that it is gradually restoring them to normal operations.

“We have managed to ensure and continue the operation of the National Natural Gas System (NNGS) in a safe and reliable way. The management of the NNGS continues to operate smoothly and Desfa continues to supply natural gas to all entry and exit points of the country safely and adequately,” the company said.

The day before Desfa's announcement, Ragnar Locker’s operators boasted on their Tor website about having hacked the company, claiming to have stolen sensitive corporate data.

The cybergang said that they had contacted the company to inform it of a ‘serious vulnerability’ that led to the breach, but that it had not heard back.

“Desfa remains firm in its position not to negotiate with cybercriminals,” the company said on Saturday.

After not hearing back from Desfa, Ragnar Locker’s operators on Tuesday decided to publish the data supposedly stolen from the gas system operator on their Tor website, while also attempting to shame the company.

In March, the FBI warned that Ragnar Locker had compromised at least 52 entities across 10 critical infrastructure sectors and that the cybergang was changing obfuscation techniques frequently, to avoid detection and prevention.

While it’s unclear how the cybercriminals managed to compromise Desfa, they were previously observed targeting Remote Desktop Protocol (RDP) connections for intrusion, and then deploying a custom virtual machine to perform malicious activities unhindered.

Related: FBI Warns of RagnarLocker Ransomware Attacks on Critical Infrastructure

Related: Ragnar Locker Ransomware Uses Virtual Machines for Evasion

Related: Hackers Demand $11 Million From Capcom After Ransomware Attack

view counter