kelvinsecurity attacks Pakistan Human Rights

Incident Date:

April 1, 2022

World map



kelvinsecurity attacks Pakistan Human Rights


Pakistan Human Rights




Islamabad, Pakistan

Islamabad Capital Territory, Pakistan

First Reported

April 1, 2022

Ransomware Attack on Pakistan's National Commission for Human Rights

About the Victim

The National Commission for Human Rights (NCHR) in Pakistan, an organization dedicated to promoting and protecting human rights, has been targeted by the ransomware group Kelvinsecurity. The attack was announced on the group's dark web leak site. The NCHR operates in the Organizations sector and has been subjected to a ransomware attack, which is a significant concern for the organization and its stakeholders.

The NCHR was established through the National Commission for Human Rights Act, 2012, with the mandate to promote and protect human rights according to the Constitution of the Islamic Republic of Pakistan and international human rights instruments. The organization's primary functions include conducting investigations into human rights abuses, reviewing legislation, acting as a court when required, and contributing to national human rights awareness-raising and advocacy initiatives.

Vulnerabilities and Threats

The NCHR has faced various threats in the past, including targeted digital attacks on human rights defenders. In 2018, Amnesty International reported a campaign of hacking, spyware, and surveillance targeting human rights defenders in Pakistan, which included the use of fake online identities and social media profiles to ensnare activists. This history of targeted attacks suggests that the NCHR may have been a prime target for the Kelvinsecurity ransomware group.

Impact and Mitigation

The ransomware attack on the NCHR has not been publicly disclosed in detail, and it is unclear what data or systems were affected. However, ransomware attacks typically involve encrypting data and demanding a ransom for its release. The NCHR and its stakeholders must take immediate steps to mitigate the impact of the attack, including restoring data from backups, implementing stronger security measures, and notifying affected individuals and organizations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.