Pakistan’s National Cyber Emergency Response Team (NCERT) informed 39 major ministries and institutions of the severe risk of ‘Blue Locker’ ransomware attacks. It confirmed that some organizations have already been hit. NCERT representative Imran Haider reported that Pakistan Petroleum had been severely impacted, even though detection and blocking solutions are being actively employed.
The NCERT advisory of August 9 reports that Blue Locker infects Windows computers, network shares, cloud storage, and backups. It encrypts files, appends a “.blue” extension, and then demands a ransom. It can also steal data, disable antivirus software, and spread through networks. The ransomware propagates via malicious downloads, email, infected websites, and open file sharing.
NCERT advises organizations to strengthen their infrastructure, use multi-factor authentication, block malicious sites and untrusted applications, train employees, and keep offline backups. Infected computers need to be isolated and reported immediately.
Experts feel that ministries in Pakistan lack the appropriate structure, policies, and proactive strategies to counter sophisticated cyber attacks. They stress the need for educated SOC personnel, enhanced SIEM systems, and specialized CERT units to offer round-the-clock monitoring.