The Ragnar Locker ransomware gang has claimed responsibility for an attack on Greece’s national gas system operator as it continues its assault on critical infrastructure providers around the world.

Greece’s natural gas supplier DESFA has been hit with a ransomware attack (Photo by imaginima/iStock)

Files from DESFA, Greece’s largest natural gas distributor, have been published on Ragnar Locker’s leak site on the dark web following the attack, which was confirmed over the weekend.

DESFA said it “remains steadfast in its position not to engage with cybercriminals”, suggesting any demand for ransom has not been paid.

DESFA cyberattack saw data leaked

DESFA said the perpetrators of the attack broke into its systems to gain access to files, and that the incident had had a “confirmed impact on the availability of certain systems”, with some data having been leaked.

It said that it had disabled “most of its IT systems” as part of efforts to contain the breach, but that supply of natural gas had not been affected.

“We have mobilised teams of technical and specialist experts to assist us in this matter and to get the systems back up and running as soon as possible,” the DESFA statement said.

The company is working with Greece’s digital ministry, its data protection office and local police to try and get to the bottom of the breach.

Ragnar Locker’s campaign against critical infrastructure providers

Ragnar Locker says it has found multiple flaws in DESFA’s systems, and that it has informed the company of these.

The ransomware gang has been active since 2019, and made its name in 2020 with breaches of high-profile business including games publisher Capcom, Portuguese energy supplier Energias de Portugal and Italian drinks conglomorate Campari.

More recently it has turned its attention to critical infrastructure providers, and in March the FBI published a warning about the gang, stating that its ransomware had hit 52 US infrastructure businesses across sectors including manufacturing, financial services and energy.

Ragnar Locker is known for using “double extortion” tactics on victims, where a ransom is demanded to decrypt data, and the threat of information being online is also used as a way to make the impacted organisation pay up.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.

Read more: BlackCat ransomware gang taunts victim on LinkedIn