‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan
Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk.
This week, Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) issued an advisory to 39 key ministries and institutions, warning them of a “severe risk” posed by the ongoing ‘Blue Locker’ attacks.
Resecurity has acquired binary samples of the “Blue Locker” ransomware and conducted a reverse engineering analysis to raise awareness within the cybersecurity community and to equip network defenders with additional insights about this activity.
Notably, the malicious cyber activity took place in close proximity to the celebration of Pakistan’s Independence Day, one of the key national holidays, which is celebrated annually on August 14. This ransomware attack could be considered significant, as it targeted a major enterprise in the country’s oil and gas sector, Pakistan Petroleum Limited (PPL).
The advisory from NCERT, which handles cybersecurity threats, alerts and coordination for government ministries and institutions, came after the ransomware targeted some organizations in the South Asian country, according to NCERT spokesman Imran Haider. “Pakistan Petroleum has been impacted severely and some other organizations were also attacked, but our deployed system is detecting and blocking it continuously,” he told Arab News.
A PPL spokesperson said the attack occurred on August 6, prompting the immediate activation of the company’s internal cybersecurity protocols. PPL has also initiated a comprehensive forensic analysis to assess the scope of the incident and to further strengthen its cyber defence capabilities. “We are committed to complete transparency and to restoring full system functionality in a safe and phased manner,” the spokesperson said.
Pierluigi Paganini
(SecurityAffairs – hacking, ransomware)