{
	"id": "90d2b7c5-453f-49c0-aa34-24ed385961c0",
	"created_at": "2026-04-06T00:16:03.809718Z",
	"updated_at": "2026-04-10T03:20:06.381602Z",
	"deleted_at": null,
	"sha1_hash": "56b7d9824c827978f5a338afd62a13d0d4b862ef",
	"title": "Netwalker ransomware hits Pakistan's largest private power utility",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3406562,
	"plain_text": "Netwalker ransomware hits Pakistan's largest private power utility\r\nBy Lawrence Abrams\r\nPublished: 2020-09-08 · Archived: 2026-04-05 14:43:27 UTC\r\nK-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the\r\ndisruption of billing and online services.\r\nK-Electric is Pakistan's largest power supplier, serving 2.5 million customers and employing over 10 thousand people.\r\nStarting yesterday, K-Electric customers have been unable to access the online services for their account.\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nTo resolve this issue, K-Electric appears to be trying to reroute users through a staging site, but are currently having\r\ndifficulties.\r\nErrors accessing account\r\nRansomware researcher Ransom Leaks, who told BleepingComputer about this attack, was tipped off by a local Pakistani\r\nsecurity company that this attack is impacting K-Electric internal services.\r\nAccording Rewterz, the cyberattack occurred on the morning of September 7th and is disrupting K-Electric's online billing\r\nservices and not the supply of power.\r\nBleepingComputer has emailed K-Electric about this attack but has not heard back.\r\nIn a statement to BleepingComputer, K-Electric states that their initial investigations shows that no data was stolen, but that\r\nthey continue to work with local law enforcement and IT security experts.\r\n\"Karachi, 11th September 2020: Following the attempted cyber incident earlier this week and its on-going forensic\r\ninvestigation, the power utility has confirmed that initial investigation shows all customer data has remained intact and\r\nsecure, reiterating that critical customer services including bill payment solutions, customer care centres and 118 call-centre\r\nare operational and fully functional.\r\nFurther forensic analysis is on-going with international IT security experts along with coordination with local law-enforcement officials. In parallel, all efforts are also being made to enhance system robustness. With regard to on-going\r\nconjecture that a ransom of USD 3.8 million has been demanded, Mahreen Khan, K-Electric’s Chief Marketing and\r\nCommunication Officer (CMCO), refuted these claims saying, “KE has not been directly approached with any such request\r\nand we are categorically not engaged in any such communication.\"\r\nNetwalker is demanding a $3.8 million ransom\r\nAfter being told about this attack, BleepingComputer has learned from cybersecurity sources who wish to remain\r\nanonymous that the Netwalker ransomware attacked K-Electric.\r\nIn a Tor payment page seen by BleepingComputer, the ransomware operators demand a $3,850,000 ransom payment. If a\r\nransom is not paid within another seven days, the ransom will increase to $7.7 million.\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nPage 3 of 5\n\nTor payment page for K-Electric\r\nThe Tor payment site also includes a 'Stolen data' page that states the Netwalker operator stole unencrypted files from K-Electric before performing the attack. This page does not reveal how much or what data was stolen.\r\nTor stolen data page for K-Electric\r\nSince the summer of 2019, Netwalker has been actively infecting victims. It wasn't until March 2020, when the threat actors\r\nbegan recruiting skilled hackers and focusing entirely on enterprise networks, that we began to see widespread attacks.\r\nAccording to a report by McAfee, this change in tactics has led to the ransomware gang earning $25 million in just five\r\nmonths.\r\nRecent Netwalker attacks include Argentina's immigration offices, US government agencies, and the University of\r\nCalifornia San Francisco (UCSF), who paid a $1.14 million ransom.\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nPage 4 of 5\n\nUpdate 9/11/20: Added statement from K-Electric\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/"
	],
	"report_names": [
		"netwalker-ransomware-hits-pakistans-largest-private-power-utility"
	],
	"threat_actors": [],
	"ts_created_at": 1775434563,
	"ts_updated_at": 1775791206,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/56b7d9824c827978f5a338afd62a13d0d4b862ef.pdf",
		"text": "https://archive.orkl.eu/56b7d9824c827978f5a338afd62a13d0d4b862ef.txt",
		"img": "https://archive.orkl.eu/56b7d9824c827978f5a338afd62a13d0d4b862ef.jpg"
	}
}