ISLAMABAD: Pakistan’s National Cyber Emergency Response Team (NCERT) has issued an advisory to 39 key ministries and institutions and warned them of a “severe risk” posed by the ongoing ‘Blue Locker’ malware attacks, an NCERT spokesperson said on Sunday, confirming that a few Pakistani organizations had already been affected by the ransomware.
NCERT, which handles cybersecurity threats, alerts and coordination for government ministries and institutions, advisory came after the ransomware targeted some organizations in the South Asian country, according NCERT spokesman Imran Haider.
“Pakistan Petroleum has been impacted severely and some other organizations were also attacked, but our deployed system is detecting and blocking it continuously,” he told Arab News.
Blue Locker ransomware can impact Windows-based desktops, laptops and servers as well as network shares, cloud-synced storage and backup systems accessible during the attack, according to an Aug. 9 NCERT advisory seen by Arab News.
“The Blue Locker ransomware encrypts victim files, appends the .blue (dot blue) extension, and demands ransom in exchange for decryption keys,” it said, adding that the attack may initiate through trojanized downloads, phishing emails, unsafe file-sharing platforms and compromised websites.
“It has the potential for severe data loss, operational disruption, and reputational harm.”
Once executed, the ransomware may disable antivirus software, spread laterally across the network, and exfiltrate sensitive information, according to the advisory.
As a precaution, organizations must keep all systems updated with the latest security patches, apply multi-factor authentication, filter malicious emails or web content, avoid downloading software from untrusted sources, train staff on threat detection, and monitor systems and maintain offline backups of critical data.
“Immediate isolation of any infected system and prompt reporting to the cybersecurity team are essential to prevent further spread,” NCERT said.
Independent cybersecurity experts say Pakistani government bodies lack structures, policies and constant vigilance needed to counter increasingly sophisticated cyber threats.
Tariq Malik, a cybersecurity expert and former Chief Technology Officer with Pakistan’s army, said the country’s ministries and government departments were “ill-prepared” to handle such attacks.
“They do not have such structure and clear policies to deal with such sophisticated attacks,” he told Arab News. “Government departments need to start using the technology as a whole not only as personal computers and need proper safety mechanisms and trainings.”
Ammar Jaffery, president of the Pakistan Information Security Association (PISA), said the nature of cybersecurity has changed from reactive to proactive, and organizations now need to continuously train their staff to deal with daily emerging challenges.
“Hackers are always ahead of experts, so it’s not just about capability but about continuous learning, where organizations must recognize that cyber threats are growing daily, weekly and monthly,” he told Arab News.
“Therefore, organizations should regularly check their systems and create ongoing awareness among their technical and general staff.”
Key ministries and departments should have their own cybersecurity teams, according to Jaffery.
“They should train their Security Operations Center (SOC) teams and ensure up-to-date Security Information and Event Management (SIEM) systems, and especially their own CERT which acts like a watchman guarding your home — are always on alert,” he said.
