View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 23, 2022updated 24 Aug 2022 5:46am

Ragnar Locker ransomware gang hits Greek natural gas supplier DESFA

Greece's largest natural gas distributor says supply has remained constant during an attack by Ragnar Locker.

By Matthew Gooding

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Greece’s national gas system operator as it continues its assault on critical infrastructure providers around the world.

Greece’s natural gas supplier DESFA has been hit with a ransomware attack (Photo by imaginima/iStock)

Files from DESFA, Greece’s largest natural gas distributor, have been published on Ragnar Locker’s leak site on the dark web following the attack, which was confirmed over the weekend.

DESFA said it “remains steadfast in its position not to engage with cybercriminals”, suggesting any demand for ransom has not been paid.

DESFA cyberattack saw data leaked

DESFA said the perpetrators of the attack broke into its systems to gain access to files, and that the incident had had a “confirmed impact on the availability of certain systems”, with some data having been leaked.

It said that it had disabled “most of its IT systems” as part of efforts to contain the breach, but that supply of natural gas had not been affected.

“We have mobilised teams of technical and specialist experts to assist us in this matter and to get the systems back up and running as soon as possible,” the DESFA statement said.

The company is working with Greece’s digital ministry, its data protection office and local police to try and get to the bottom of the breach.

Ragnar Locker’s campaign against critical infrastructure providers

Ragnar Locker says it has found multiple flaws in DESFA’s systems, and that it has informed the company of these.

Content from our partners
Unlocking the value of artificial intelligence and machine learning
Behind the priorities of tech and cybersecurity leaders
Corporate ransomware attacks: It’s only a matter of when, not if

The ransomware gang has been active since 2019, and made its name in 2020 with breaches of high-profile business including games publisher Capcom, Portuguese energy supplier Energias de Portugal and Italian drinks conglomorate Campari.

More recently it has turned its attention to critical infrastructure providers, and in March the FBI published a warning about the gang, stating that its ransomware had hit 52 US infrastructure businesses across sectors including manufacturing, financial services and energy.

Ragnar Locker is known for using “double extortion” tactics on victims, where a ransom is demanded to decrypt data, and the threat of information being online is also used as a way to make the impacted organisation pay up.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: BlackCat ransomware gang taunts victim on LinkedIn

Topics in this article:
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy