K-Electric is the largest power supplier in Pakistan, serving 2.5 million customers and employing more than 10,000 employees.
Since yesterday, customers of K-Electric have been unable to access the online service of their accounts.
In order to solve this problem, K-Electric seems to be trying to reroute users through a temporary site, but it has encountered difficulties at present.
Ransom Leaks, a ransomware researcher, told BleepingComputer about the attack. He got news from a local Pakistani security company that the attack was affecting K-Electric’s internal services.
According to Reuterz, this cyber attack occurred on the morning of September 7th, and it was destroying K-Electric’s online billing service, not the power supply.
BleepingComputer has sent an e-mail about this attack to K-Electric, but it didn’t get a reply.
After learning about the attack, BleepingComputer learned from network security people who wished to remain anonymous that Netwalker ransomware attacked K-Electric.
On the Tor payment page seen by BleepingComputer, ransomware operators demanded a ransom of $3,850,000. If the ransom is not paid in another seven days, the ransom will increase to $7.7 million.
The Tor payment website also includes a "Stolen Data" page, which shows that the Netwalker operator stole unencrypted files from K-Electric before the attack. This page does not reveal how much or what data was stolen.
Since the summer of 2019, Netwalker has been actively infecting victims. It was not until March 2020, when the threat participants began to recruit skilled hackers and completely focused on the corporate network, that we began to see widespread attacks.
According to a report by McAfee, this change in strategy made ransomware gangs earn $25 million in just five months.
Recent attacks on Netwalker include the Argentine Immigration Bureau, US government agencies and the University of California, San Francisco (UCSF), which paid a ransom of $1.14 million.