Greek gas operator suffers data breach as criminals exploit energy crisis

24 Aug 2022

Image: © Belish/

Ransomware group Ragnar Locker, which claimed responsibility for the attack, has developed a reputation for targeting critical infrastructure operators.

Cybercriminals are capitalising on Europe’s energy crisis as one of Greece’s largest natural gas distributors has suffered a data breach.

The gas operator, DESFA, confirmed in a public statement that cybercriminals attempted to gain access to its IT systems. DESFA said its gas systems are still operational, but some data may have been exfiltrated by the hackers.

The gas company said it deactivated most of its IT services to protect against the attack and plans to gradually restore its operating systems. DESFA also said it is investigating the incident and has mobilised teams to get its IT systems back to normal as soon as possible.

The ransomware group known as Ragnar Locker has claimed responsibility for the breach. This threat actor has become notorious for targeting critical infrastructure systems.

Ragnar Locker is believed to have breached the networks of at least 52 critical infrastructure organisations, according to an FBI alert earlier this year.

The criminal gang posted details of the allegedly stolen data online and threatened to publish more files if not contacted by DESFA to “fix security issues”, according to a document shared by BleepingComputer.

DESFA said in its statement that it would not engage with cybercriminals.

Exploiting global issues

Cybercriminals are developing a track record for targeting critical infrastructure during periods of crisis, in order to cause further pressure and have their ransom demands met.

For example, there was an attack on a water supplier in the UK last week while the country faced unprecedented drought conditions.

The attack on the Greek natural gas operator comes as the war in Ukraine and other factors have led an energy crisis in Europe.

Oliver Pinson-Roxburgh, CEO of cybersecurity firm, said the attack is another “stark reminder” of the threat to critical infrastructure, as threat actors “thrive on exploiting users’ psychological anxieties and pressures”.

“Ultimately this is another warning for governments, organisations and businesses to recognise the absolute necessity of a strong cyber defence,” Pinson-Roxburgh added.

This view was shared by Todd Carroll, CISO of cybersecurity company CybelAngel. Carroll said organisations need to “constantly scan for network access”, such as open ports and vulnerabilities from outside the enterprise perimeter.

“Given the massive stakes involved in keeping critical infrastructure secure, the premise that ransomware is a public safety issue is now more evident than ever.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic