ragnarlocker attacks DESFA - Pipeline company LEAK

Incident Date:

August 23, 2022

World map



ragnarlocker attacks DESFA - Pipeline company LEAK


DESFA - Pipeline company LEAK




Chalandri, Greece

Chalandri, Greece

First Reported

August 23, 2022

Ragnar Locker Ransomware Attack on DESFA: A Strategic Energy-Related Company

DESFA, a strategic energy-related company operating in the Energy, Utilities & Waste sector, has been targeted by the Ragnar Locker ransomware group. The attack was confirmed by the company, which stated that it suffered a limited scope data breach and IT system outage following the cyberattack. DESFA is responsible for managing, exploiting, developing, and operating Greece's natural gas system.

The Ragnar Locker ransomware group claimed responsibility for the attack on DESFA's IT infrastructure, which resulted in the leakage of some directories and files. The company has been operating since 2019 and has been targeting critical industries, including the energy sector. The group uses a double extortion scheme and avoids being executed in countries where it is located.

DESFA has been recognized for its commitment to Corporate Social Responsibility (CSR) and has set priorities towards the development of its services towards a wide range of customers. The company also operates in compliance with the OHSAS 18001 model, certified by Moody’s InterTek, covering all the activities of the company.

The attack on DESFA comes at a time when the energy sector is facing increased concern about ransomware groups targeting the operational networks of critical infrastructure organizations across the world. Nearly 40% of all ransomware attacks on industrial organizations and infrastructure in the second quarter of 2022 took place in Europe.

DESFA has not responded to requests for comment on the attack and has not disclosed the root cause of the incident. The company has hired technical experts to help with the response and recovery process.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.