ISLAMABAD:The Pakistan Petroleum Limited (PPL), one of the country’s leading state-run oil and gas companies, has fallen victim to a major cyberattack, leaving its IT systems crippled for the past two days.
According to sources, hackers operating under the alias “Blue Locker” have encrypted PPL’s servers, blocked access to backups, and are now demanding a ransom in exchange for a decryption tool and a promise not to leak sensitive data.
The company’s entire financial system has been brought to a standstill, as operations remain suspended.
As per sources, the encrypted systems include virtual machines and financial servers, and the attackers claim to have exfiltrated vital data related to operations, contracts, and employee information.
In an alarming email sent to PPL employees, the hackers stated:
“Your computers and servers are encrypted, backups are deleted from your network and copied. We have stolen some of your business data and employee information, including but not limited to TMC Data (Sui, Adhi, etc.) and contracts… If you don’t contact us with a quote, we will report the hack to mainstream media and release your data to social media and competitors.”
The message also warned that any attempt to modify or recover files independently could result in permanent data loss.
PPL has not yet issued an official statement on the matter. Repeated attempts were made to contact Managing Director Imran Abbasay for an updated position or confirmation, but he remained unreachable.
The hacking incident has raised serious concerns about the cybersecurity resilience of critical national infrastructure, especially in the energy sector. The attackers, using encryption and threatening exposure, have demanded direct negotiations, stating that intermediaries or cybersecurity consultants should not be involved.
So far, it remains unclear whether PPL has engaged with the hackers or reported the matter to law enforcement or the National CERT (Computer Emergency Response Team).
The sources also informed that the company’s IT experts and management are in negotiations with the hackers, who have taken control of PPL’s IT system for the past two days. They said that the administration has lost control over the company’s financial operations. They further revealed that the government and relevant authorities have been fully informed about the situation, and a request has been made to these institutions to help restore the company’s systems. Other oil and gas companies have also been alerted and warned to take immediate precautionary measures and necessary steps, they added.
Cybersecurity experts warn that such attacks can compromise national energy security and stress the need for urgent investment in digital infrastructure and threat monitoring systems across all state-owned enterprises.
