Cyberattack on NTPC Further Exposes the Cybersecurity Risks of Energy Sector

Northwest Territories Power Corporation (NTPC), a generator and distributor of electricity in Canada, was hit with a ransomware attack.

NTPC under attack

NTPC's internal systems were targeted in a ransomware attack.

  • A ransomware attack hit NTPC, shutting down its IT systems and impacting the power generation, transmission, and distribution systems of the company.
  • MyNTPC, the online payment portal used by NTPC, was not working properly and was directing customers to a message saying that the files were encrypted by Netwalker.
  • Although not confirmed in this case, the spread of Netwalker ransomware (aka Mailto) is usually associated with Covid-19-themed phishing emails, as observed during its previous attacks (discussed below).

Earlier data breach incident with NTPC

Before this ransomware incident, NTPC had experienced another data breach incident:

  • In January 2016, NTPC informed its customers that it had wrongly sent some of their personal details to a third party, resulting in a breach of their personal data.
  • A file containing the list of customer names, meter addresses, and account balances was sent out to some customers while responding to some customer inquiries.

Other attacks on Energy Sector

NTPC is not the only organization facing breach or ransomware incidents. Several other organizations in the energy sector have faced similar incidents.

  • In April 2020, the Portuguese multinational energy giant Energias de Portugal (EDP) was hit with Ragnar Locker ransomware, wherein the hackers stole 10 TB of sensitive company files, and asked for 1580 BTC ($10.9M or €9.9M) in ransom.
  • In March 2020, the European Electricity Association ENTSO-E was targeted by a cyber intrusion incident, although no further details about the incident were disclosed.
  • In February 2020, the Reading Municipal Light Department (RMLD) was targeted by cybercriminals, in an attempt to extort money by encrypting data in the station's computer system.
  • In January 2020, a hacking campaign by Iranian hackers was observed targeting the European energy sector, in which the attackers tried to steal sensitive information using the PupyRAT malware.

Other attacks by Netwalker

The Netwalker ransomware is also known for compromising enterprise networks and encrypting all of the Windows devices connected to them. Here are a few notable incidents:


Ways to stay secure

Here are the guidelines to stay protected from the Netwalker ransomware:
  • Do not open any suspicious or irrelevant emails, especially those with attachments. Avoid opening emails with attractive offers or unbelievable news items, especially from agencies you haven’t subscribed to.
  • Avoid downloading any software from unofficial and untrustworthy download websites, peer-to-peer sharing networks, and other third-party downloaders. Always trust only official and verified sources.
  • Keep the operating system and all applications updated with the latest patches released by the vendor to avoid the exploitation of any known vulnerabilities.