Ransomware Attack Disrupts PPL’s IT, Financial Operations

Pakistan Petroleum Limited’s IT systems have allegedly been down for two days after a ransomware attack by a group calling itself “Blue Locker.” The hackers have allegedly encrypted servers, deleted backups, and claimed to have stolen sensitive operational, contractual, and employee data, reported Profit. Financial operations have been halted, though PPL says core production systems and Joint Venture partners remain unaffected. The breach was detected on August 6, 2025, with containment efforts launched alongside internal and external cybersecurity teams. The attackers are demanding ransom, warning against independent recovery. The case has been reported to law enforcement, and forensic analysis is in progress. PPL said its multi-layered cybersecurity framework allowed the threat to be quickly isolated, with core operations unaffected. Financial transactions were processed manually during a complete system scan. The company clarified that no contact was made with the attackers and investigations are ongoing. IT systems are being restored in phases, with PPL conducting a forensic analysis to strengthen cyber resilience. PPL claimed that the immediate containment measures, including the suspension of non-critical IT services, prevented any compromise of sensitive or business-critical data.