K-Electric, the sole electricity provider to the city of Karachi and its adjoining areas was the target of a ransomware incident in the first week of September. The power utility would like to state that all critical customer support functions and services such as bill payment solutions and the 118 call center remained operational. However, a few non-critical services were immediately isolated as a precautionary measure to ensure the integrity of information systems and servers.

KE’s internal IT teams responded quickly to the incident and initiated consultations with international IT security experts and also collaborated with local authorities in line with prevalent cyber security protocols. Following internal forensic investigations, the company confirmed that customer data had remained intact and secure and initiated the restoration of those services that had been isolated, while adhering to cyber security guidelines.

The power utility has also initiated a series of critical updates and activities on its IT Infrastructure, applications and users’ systems. These activities include security software updates, antimalware/antivirus updates, data protection and further strengthening of network security. Additional initiatives have also been planned and are being implemented to minimize the exposure of threats, vulnerabilities, and any attacks in future.

The power utility would like to clarify that it is not negotiating with any entity in this regard.