
Cyber Incident Victim: K-Electric

Date: Sep 2020

Location: Pakistan

Summary

K-Electric, Pakistan's largest private power utility serving Karachi, experienced a Netwalker ransomware attack that disrupted online billing and customer services while leaving power supply unaffected. Initial investigations claimed no data theft, though the attackers asserted that they had stolen unencrypted files and demanded a $3.8 million ransom, threatening to double it if unpaid within seven days. The company denied direct ransom communication and collaborated with international cybersecurity experts and law enforcement to investigate and enhance system security, maintaining critical customer services like payment centers and call support during recovery efforts.

Description

On September 7, 2020, Pakistan’s largest private power utility, K-Electric, experienced a Netwalker ransomware attack that disrupted its online billing systems and customer account services. The company, which serves 2.5 million customers in Karachi and employs over 10,000 people, confirmed the incident after customers reported being unable to access online services starting September 6. A local Pakistani security firm alerted ransomware researcher Ransom Leaks about the breach, which specifically targeted internal systems but did not affect electricity supply operations. K-Electric initiated forensic investigations with international IT security experts and coordinated with local law enforcement. Initial statements on September 11 indicated no evidence of customer data theft, and critical services such as bill payment solutions, customer care centers, and the 118 call-center remained operational throughout the incident.

Netwalker operators claimed to have stolen unencrypted files prior to encryption and demanded a $3.8 million ransom, threatening to double the amount to $7.7 million if unpaid within seven days. K-Electric’s Chief Marketing and Communication Officer, Mahreen Khan, publicly refuted claims of direct ransom communication, stating the company had not received any such demand. The attackers published a "Stolen data" page on their Tor payment portal but did not disclose the quantity or nature of the exfiltrated data. This attack aligned with Netwalker’s intensified focus on enterprise networks since March 2020, a strategy that reportedly generated $25 million in illicit revenue over five months. Prior high-profile Netwalker victims included Argentina’s immigration offices, U.S. government agencies, and the University of California San Francisco, which paid a $1.14 million ransom. K-Electric continued enhancing system robustness while maintaining its forensic examination as of September 11.
