ISLAMABAD: The National Cyber Emergency Response Team (NCERT) has issued a high-priority advisory to 39 key government ministries and institutions, warning of a “severe risk” from ongoing ‘Blue Locker’ ransomware attacks.
The move comes after several Pakistani organizations were targeted, with at least one major company confirming a significant impact.
The advisory, released on Sunday, follows a series of ransomware incursions that have compromised networks across the country.
According to NCERT spokesperson Imran Haider, while some deployed systems are continuously detecting and blocking the malware, certain entities, including Pakistan Petroleum Limited, have been “impacted severely.” This development highlights a growing threat to critical infrastructure and data security within the nation.
The Blue Locker ransomware is a potent cyber threat that specifically targets Windows-based desktops, laptops, servers, and connected storage systems.
The advisory states that the malware encrypts files, appends a blue extension, and demands a ransom payment for the decryption keys. It has the potential to cause “severe data loss, operational disruption, and reputational harm.”
Experts suggest the attack vectors for Blue Locker include trojanized downloads, malicious phishing emails, and compromised websites.
Once executed, the ransomware is capable of disabling antivirus software and spreading laterally across a network to exfiltrate sensitive data, a move that significantly escalates the potential for damage.
In response, the NCERT has outlined a series of mandatory precautions for organizations. These include keeping all systems and software updated with the latest security patches, applying multi-factor authentication (MFA) to all user accounts, implementing robust email and web content filtering to block malicious content, training staff on threat detection and best practices for avoiding suspicious downloads, and maintaining offline backups of all critical data.
The advisory stresses the importance of “immediate isolation of any infected system and prompt reporting to the cybersecurity team” to prevent the malware from spreading further.
Independent cybersecurity experts have voiced concerns about the preparedness of government bodies to handle such sophisticated attacks.
Tariq Malik, a former chief technology officer for the Pakistan Army, stated that government departments were “ill-prepared” and lack the necessary structure and clear policies to deal with these threats.
Similarly, Ammar Jaffery, President of the Pakistan Information Security Association (PISA), emphasized the need for a shift from a reactive to a proactive cybersecurity posture. He recommended continuous staff training, regular system checks, and the establishment of dedicated Security Operations Center (SOC) teams to monitor threats around the clock.