August 11, 2025
Severity
High
Analysis Summary
Pakistan Petroleum Limited (PPL), a leading state-run oil and gas company, has suffered a severe ransomware attack that has disrupted its IT systems for the past two days. According to the report, the attackers, who initially identified themselves as “Blue Locker” and later as “Proton,” encrypted servers, deleted and exfiltrated backups, and are demanding a ransom in exchange for decryption and a promise not to leak the stolen data.
The attack has crippled PPL’s financial systems and halted operations; encrypted assets include virtual machines and financial servers. Stolen data reportedly includes operational details, contracts, and employee information. In threatening messages to employees, the attackers warned against independent recovery attempts, claiming such actions could cause permanent data loss, and threatened to release the stolen information to the media, social platforms, and competitors.
In its official statement, PPL confirmed detecting the ransomware intrusion on August 6, 2025, and immediately activating internal cybersecurity protocols. The company claims containment measures were taken swiftly, including suspending non-critical IT services. PPL asserts there is no current evidence of compromise to business-critical or sensitive data, and that core operational systems remain unaffected. The incident has been reported to law enforcement and regulatory authorities, with forensic investigations ongoing.
Sources indicate that PPL’s IT teams and management are in discussions with the attackers, while government and security agencies have been informed. Other oil and gas companies have been alerted to bolster defenses.
Cybersecurity experts warn that such incidents threaten national energy security, highlighting vulnerabilities in critical infrastructure and urging urgent investments in digital defenses, monitoring, and resilience across the sector.
This breach underscores the escalating threat posed by ransomware to essential state-owned enterprises in Pakistan’s energy industry.
Impact
- Operational Disruption
- Reputational Damage
- Unauthorized Access
Remediation
- Conduct a full forensic investigation to identify the initial intrusion point and assess the scope of data compromise
- Restore systems from clean, offline backups, verifying their integrity against a trusted record before use, since the attackers reportedly deleted and tampered with backups
- Patch vulnerabilities in servers, applications, and network devices to prevent re-exploitation
- Deploy advanced endpoint detection and response (EDR) solutions for continuous monitoring
- Segment critical networks to limit lateral movement during future attacks
- Implement multi-factor authentication across all remote and privileged access points
- Train employees on phishing awareness and ransomware prevention techniques
- Establish incident response playbooks and regularly test them through tabletop exercises
- Engage with national CERT and law enforcement for intelligence sharing and support
- Review and strengthen backup policies with offline and immutable storage solutions
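The two backup-related items above (restore only from backups whose integrity has been verified, and keep a tamper-evident record of the backup set) can be made concrete with a keyed manifest: hash every file in the backup set, authenticate the manifest with an HMAC whose key is kept offline, and on restore compare the set against the manifest before trusting it. The code below is an added example, not part of the original advisory or of any PPL tooling; the key, directory layout, and file names are constructed for the demonstration, and the "ransomware" step simply overwrites one file, deletes another, and drops a note to mimic what the advisory describes.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical key for the example. In practice it lives in an offline secret store,
# never on the backup host, so an attacker who reaches the backups cannot re-sign a manifest.
MANIFEST_KEY = b"example-key-stored-offline"


def _file_sha256(path):
    """Stream a file through SHA-256 so large VM images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, key=MANIFEST_KEY):
    """Hash every file under root and return a manifest authenticated with an HMAC tag."""
    entries = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            # Normalise to forward slashes so the manifest is portable across hosts.
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            entries[rel] = _file_sha256(path)
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def verify_backup(root, manifest, key=MANIFEST_KEY):
    """Compare the files under root with the manifest; report tampering, missing,
    modified and unexpected files. A manifest with a bad tag is rejected outright."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return {"manifest_tampered": True, "missing": [], "modified": [], "unexpected": []}
    recorded = manifest["entries"]
    current = build_manifest(root, key)["entries"]
    return {
        "manifest_tampered": False,
        "missing": sorted(set(recorded) - set(current)),
        "modified": sorted(p for p in recorded if p in current and current[p] != recorded[p]),
        "unexpected": sorted(set(current) - set(recorded)),
    }


def demo():
    """Constructed scenario: take a manifest of a clean backup set, then simulate
    encryption, deletion and a ransom note, and finally a forged manifest."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "vm"))
        with open(os.path.join(root, "vm", "finance-db.vmdk"), "wb") as f:
            f.write(b"disk image bytes")
        with open(os.path.join(root, "contracts.tar"), "wb") as f:
            f.write(b"archive bytes")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        # Simulated ransomware activity on the backup share.
        with open(os.path.join(root, "vm", "finance-db.vmdk"), "wb") as f:
            f.write(b"\x00ENCRYPTED\x00")
        os.remove(os.path.join(root, "contracts.tar"))
        with open(os.path.join(root, "README_RESTORE.txt"), "w") as f:
            f.write("pay us")
        after = verify_backup(root, manifest)

        # An attacker who edits the manifest to hide the deletion cannot recompute the tag.
        forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
        forged["entries"]["contracts.tar"] = "0" * 64
        tampered = verify_backup(root, forged)
        return clean, after, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "after attack", "forged manifest"), demo()):
        print(label, json.dumps(result))
```

The manifest only detects tampering; it does not prevent it. It is useful precisely because the attackers here deleted and modified backups, so a restore team needs a record that was produced before the intrusion and that the attackers could not rewrite. Store the manifest and its key on offline or immutable storage alongside the backup copies themselves, and treat any `missing`, `modified`, or `manifest_tampered` result as a reason not to restore from that set.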