Cyberattack on NTPC Further Exposes the Cybersecurity Risks of Energy Sector

NTPC Under attack

• A ransomware attack hit NTPC, shutting down its IT systems and impacting the power generation, transmission, and distribution systems of the company.
• MyNTPC, the online payment portal used by NTPC, was not working properly and leading the customers to a message saying that the files were encrypted by Netwalker.
• Although not confirmed for this case, but the spread of Netwalker ransomware (aka Mailto) is usually associated with the Covid-19 themed phishing emails, as observed during its previous attacks (discussed below).

Earlier data breach incident with NTPC

• In January 2016, NTPC informed its customers that it had wrongly sent some personal details of its customers to the third-party, resulting in a breach of their personal data.
• A file containing the list of customer names, meter addresses, and account balances was sent out to some customers while responding to some customer inquiries.

Other attacks on Energy Sector

• In April 2020, the Portuguese multinational energy giant Energias de Portugal (EDP) was hit with Ragnar Locker ransomware, wherein the hackers stole 10 TB of sensitive company files, and asked for 1580 BTC ($10.9M or €9.9M) in ransom.
• In March 2020, the European Electricity Association ENTSO-E was targeted by a cyber intrusion incident, although no further details about the incident were disclosed.
• In February 2020, the Reading Municipal Light Department (RMLD) was targeted by cybercriminals, in an attempt to extort money by encrypting data in the station's computer system.
• In January 2020, a hacking campaign by Iranian hackers was observed targeting the European energy sector, in which the attackers tried to steal sensitive information using the PupyRAT malware.

Other attacks by Netwalker

• In March 2020, the Netwalker ransomware was observed using Coronavirus (COVID-19) themed phishing emails to target its victims. In the same month, this ransomware was also used to target the Champaign-Urbana Public Health District. 
• In February 2020, the Australian Toll Group admitted that they were targeted by the Netwalker ransomware.

Ways to stay secure

• Do not open any suspicious or irrelevant emails, especially those having any attachments. Avoid opening emails with attractive offers or unbelievable news items, especially from the agencies you haven’t subscribed to. 
• Avoid downloading any software from unofficial and untrustworthy download websites, peer-to-peer sharing networks, and other third-party downloaders. Always trust only the official and verified sources only.
• Keep the operating system and all applications updated with the latest patches released by the vendor to avoid the exploitation of any known vulnerabilities.