View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 23, 2022updated 24 Aug 2022 5:46am

Ragnar Locker ransomware gang hits Greek natural gas supplier DESFA

Greece's largest natural gas distributor says supply has remained constant during an attack by Ragnar Locker.

By Matthew Gooding

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Greece’s national gas system operator as it continues its assault on critical infrastructure providers around the world.

Greece’s natural gas supplier DESFA has been hit with a ransomware attack (Photo by imaginima/iStock)

Files from DESFA, Greece’s largest natural gas distributor, have been published on Ragnar Locker’s leak site on the dark web following the attack, which was confirmed over the weekend.

DESFA said it “remains steadfast in its position not to engage with cybercriminals”, suggesting any demand for ransom has not been paid.

DESFA cyberattack saw data leaked

DESFA said the perpetrators of the attack broke into its systems to gain access to files, and that the incident had had a “confirmed impact on the availability of certain systems”, with some data having been leaked.

It said that it had disabled “most of its IT systems” as part of efforts to contain the breach, but that supply of natural gas had not been affected.

“We have mobilised teams of technical and specialist experts to assist us in this matter and to get the systems back up and running as soon as possible,” the DESFA statement said.

The company is working with Greece’s digital ministry, its data protection office and local police to try and get to the bottom of the breach.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Ragnar Locker’s campaign against critical infrastructure providers

Ragnar Locker says it has found multiple flaws in DESFA’s systems, and that it has informed the company of these.

The ransomware gang has been active since 2019, and made its name in 2020 with breaches of high-profile business including games publisher Capcom, Portuguese energy supplier Energias de Portugal and Italian drinks conglomorate Campari.

More recently it has turned its attention to critical infrastructure providers, and in March the FBI published a warning about the gang, stating that its ransomware had hit 52 US infrastructure businesses across sectors including manufacturing, financial services and energy.

Ragnar Locker is known for using “double extortion” tactics on victims, where a ransom is demanded to decrypt data, and the threat of information being online is also used as a way to make the impacted organisation pay up.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: BlackCat ransomware gang taunts victim on LinkedIn

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.