On 7 September, K-Electric suffered a targeted Netwalker ransomware attack, resulting in the suspension of the company’s billing and online services. Initially, the Netwalker gang demanded a $3.5 million ransom from K-Electric, an amount that was increased to $7 million after a week.
K-Electric has access to sensitive information such as customers’ names, addresses, CNICs, NTNs, credit cards, and bank account details. Hackers can sell this data on the dark web, leaving millions of K-Electric consumers vulnerable to online threats. Despite KE’s persistent claims that no such hacking had taken place, today 8.5 GB of that stolen data was dumped on the dark web, putting innumerable KE customers at risk.
ProPakistani reported on Tuesday that a group of hackers had infiltrated K-Electric’s website through targeted ransomware and had threatened to leak the confidential data after the final deadline for payment of the ransom, given to Karachi’s sole electricity supplier, expired on Monday.
Information security researcher and cybersecurity expert Rafay Baloch posted evidence of this data dump on his Twitter page and said, “K-Electric has constantly tried to downplay the incident by claiming that there was no ransomware attack in the first place. The facts obtained are however contrary to their claims.”
8.5 GB of K-Electric data dumped on #Darkweb, K-Electric has constantly tried to downplay the incident by claiming that there was no ransomware attack in the first place. The facts obtained are however contrary to their claims. pic.twitter.com/dVEVQfgDx4
— Rafay Baloch (@rafaybaloch) September 30, 2020
ProPakistani reached out to Baloch for details on the matter, to which he said, “From the data dumped on the dark web, it is evident that K-Electric was struck with Netwalker ransomware. The ransomware works by exfiltrating the data before encrypting it and demands ransom; upon failure to provide ransom, the data is dumped online.
This is to ensure that even if the company has managed to somehow restore backups, they would still be compelled to pay ransom to prevent any reputational loss.”
The confidential data held by KE is not limited to private or industrial consumers. Considering that K-Electric’s website also includes the company’s internal communication, correspondence with banks, and email service data, this hack could have far-reaching and catastrophic consequences.
Baloch told ProPakistani, “Since K-Electric happens to be the custodian of public data, it is their ethical responsibility to safeguard it, whereas the attitude of K-Electric in handling the data breach has been extremely irresponsible.”
He said, “In the absence of data protection laws in Pakistan, companies are not bound to safeguard customer data and be transparent when disclosing a data breach.”
K-Electric acquired the services of international information security experts after the hacking incident to reclaim its website from hackers. The electricity supplier also lodged a complaint with the Federal Investigation Agency (FIA) regarding the hacking incident.
It is worth mentioning here that this is not the first time K-Electric has come under a cyber attack. The power provider was at the receiving end of a cyber attack in August 2018 as well.
KE released its response through a press release, reiterating that “customer data had remained intact and secure and initiated the restoration of those services that had been isolated, while adhering to cyber security guidelines,” and that “The power utility would like to clarify that it is not negotiating with any entity in this regard.”
Their statement read, “K-Electric, the sole electricity provider to the city of Karachi and its adjoining areas, was the target of a ransomware incident in the first week of September. The power utility would like to state that all critical customer support functions and services such as bill payment solutions and the 118 call center remained operational. However, a few non-critical services were immediately isolated as a precautionary measure to ensure the integrity of information systems and servers.
KE’s internal IT teams responded quickly to the incident and initiated consultations with international IT security experts and also collaborated with local authorities in line with prevalent cybersecurity protocols. Following internal forensic investigations, the company confirmed that customer data had remained intact and secure and initiated the restoration of those services that had been isolated, while adhering to cybersecurity guidelines.
The power utility has also initiated a series of critical updates and activities on its IT Infrastructure, applications and users’ systems. These activities include security software updates, antimalware/antivirus updates, data protection and further strengthening of network security. Additional initiatives have also been planned and are being implemented to minimize the exposure of threats/vulnerabilities/attacks in the future.”
The power utility clarified that it is not negotiating with any entity in this regard.