Pakistan Petroleum reports ransomware attack, core operations unaffected

Pakistan Petroleum Limited (PPL) said Wednesday it detected and contained a ransomware intrusion targeting parts of its IT infrastructure, adding that the incident has not affected core operations or compromised sensitive data.

The state-run energy company said the breach was identified on Aug 6, prompting the activation of internal cybersecurity protocols. PPL’s IT and cybersecurity teams, working with external experts, moved quickly to contain the threat, including temporarily suspending select non-critical IT services as a precaution.

PPL operates a multi-layered cybersecurity framework, which the company said helped isolate the threat rapidly. “At this point, there is no indication of compromise to business-critical or sensitive data,” the statement said, noting that operations with joint venture partners and external stakeholders remain unaffected.

The company confirmed it had received a ransomware note from an external actor calling themselves “Blue Locker”. The incident has been reported to relevant law enforcement and regulatory authorities, and investigations are ongoing in coordination with these agencies.

“We remain committed to full transparency and are conducting a comprehensive forensic analysis to assess the scope and reinforce our cyber resilience,” PPL said, adding that full system functionality will be restored in a secure, phased manner.

PPL emphasized that safeguarding its digital infrastructure remains a top priority and that it is focused on maintaining stakeholder trust through proactive cyber risk management.