Pakistan Election Commission issues advisory after ransomware attack

According to Pakistani news outlet Dawn, the Election Commission of Pakistan has issued a warning after a ransomware attack targeted some of its staff. Alarm has been stirred by the attack as Pakistan prepares for national elections in a few months.

The ECP in its advisory asked the employees to not open emails with suspicious links in them. It said, ” This is a Ransomware attack and trying to steal the information, kindly ignore this email and report it as Junk,” according to Dawn.

The advisory issued by ECP’s Information Security Specialist Naveed Ahmed Kandhir on Thursday also included a screenshot of a phishing email titled ‘implementation of social media policy’ dated July 5, with a 2 KB RAR file attached to it.

The ECP said that the attack was an attempt by unidentified hackers to gain access to the files stored in the computers of the employees.
The advisory has been sent to the ECP secretary and additional secretary, staff officers of the chief election commissioner, all heads of departments and provincial election commissioners.

Ransomware is extortion software designed to deny a user or organisation from accessing files on their computer, Dawn reported citing a cyber security expert.

In September 2022, audio recordings of conversations between key government figures, including Pakistan Prime Minister Shehbaz Sharif, Pakistan Muslim League – Nawaz (PML-N) leader Maryam Nawaz Sharif and some members of the federal cabinet in the Pakistan PM’s office were leaked on social media, as per the Dawn report.

The incident sparked alarm as officials believed flaws in the cyber security of the highest office in Pakistan caused the audio leaks of prominent government figures, according to Dawn report. Earlier in August, the Securities and Exchange Commission of Pakistan’s website was targeted by a cyberattack.

The cyber attack on the Securities and Exchange Commission of Pakistan’s website was carried out “due to the absence of a proper and updated cyber security mechanism.”

The hackers scrapped the personal information of listed firms and their directors and other back-end data. Officials have expressed fear that government institutions and key infrastructure have also been targeted by cyberattacks.