DESFA is a public utility. The acronym DESFA is used for the initials of the National Natural Gas System Operator, a limited liability company (AE) subsidiary of DEPA SA.
DESFA is controlled by RAE, the Greek Energy Regulatory Authority which is responsible for controlling all companies (state or non-state) related to energy, as it is a basic consumer good.
So the company, which was founded in 2007 with a law that freed up the natural gas market, aims to take care of the transportation of natural gas so that the world can be supplied with gas in a safe and reliable way.
On August 20, however, DESFA announced that it was attacked "by cybercriminals who tried to gain illegal access to electronic files and with a confirmed impact on the availability of certain systems and possible leakage of files and data".
According to the same announcement, IT services were deactivated as a precaution, while, as reported, the adequate and smooth operation of the national natural gas supply system at all entry and exit points of the country was ensured without problems.
The hacking group Ragnar Locker, with posts on the dark web, claimed responsibility for the attack.
The FBI first discovered the Ragnar Locker group in April 2020 using a ransomware of the same name (with various variants) to encrypt their targets' electronic files. By January 2022 the FBI had identified at least 52 victim organizations and companies in critical infrastructure (energy and construction).
According to the FBI report, the perpetrators use this particular malware and target the location of the terminals they infect. If they find that their target is based in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Russia, Turkmenistan, Uzbekistan, Ukraine or Georgia, they disable the ransomware. This may also explain the possible origin of the hackers, although you can never be sure with the games being played.
DESFA reports that none of their files have been locked nor have they been asked for a ransom, at least until today.