In a bizarre development, K-Electric was attacked by a group of Netwalker ransomware attackers back on 7 September, resulting in the suspension of the company’s online and billing services. The ransom amount was initially set at $3.5 million by the hackers, and was subsequently increased to a staggering $7 million within a week.
While KE was busy insisting to the media that such an attack never took place, the hackers went ahead and dumped a massive 8.5GB worth of customer data that they had stolen from the company on the dark web. This not only exposes thousands of customers now, but also brings about a PR crisis for KE as the company is undoubtedly struggling to assure customers and find a way to appease the hackers.
The sensitive information that the hackers got access to includes customer names, addresses, CNICs, NTNs, credit cards, and bank account details.
A concerning aspect of this saga is that K-Electric has hardly appeared to have taken it seriously, and has gone on to claim that the ransomware attack never happened. Information Security Researcher and cybersecurity expert Rafay Baloch debunked this claim by posting evidence of the data dumping on his Twitter page, adding that the company “has constantly tried to downplay the incident” and that “the facts obtained are however contrary to their claims.”
K-Electric has acquired the services of international information security experts after the hacking incident to reclaim its website from hackers. The electricity supplier has also lodged a complaint with the Federal Investigation Agency (FIA) regarding the hacking incident.