Blue Locker Ransomware Threatens Pakistan’s Key Institutions, NCERT Issues Urgent Warning

*ISLAMABAD, August 10, 2025* — Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a high-alert advisory to 39 key ministries and institutions, warning of a “severe risk” from the ongoing Blue Locker ransomware attacks. The threat has already compromised several Pakistani organizations, including a significant breach at Pakistan Petroleum, according to NCERT spokesperson Imran Haider.

The advisory, issued on August 9, follows confirmed cyberattacks targeting critical organizations across the country. NCERT, which leads the response to cybersecurity threats across government departments, is now actively monitoring and countering the spread of the malware.

“Pakistan Petroleum has been impacted severely and some other organizations were also attacked, but our deployed system is detecting and blocking it continuously,” Haider told *Arab News*.

Blue Locker is a sophisticated form of ransomware that targets Windows-based systems including desktops, laptops, servers, network shares, cloud-synced storage, and even backup systems. Once it infects a system, it encrypts files and appends a “.blue” extension, demanding ransom payments in exchange for decryption keys.

The ransomware is believed to spread through multiple vectors, including trojanized software downloads, phishing emails, unsafe file-sharing platforms, and compromised websites. According to the NCERT advisory, Blue Locker not only encrypts data but also disables antivirus programs, spreads laterally within networks, and can exfiltrate sensitive information, making it a highly disruptive and damaging threat.

The advisory warns that this attack has the potential to cause severe data loss, major operational disruptions, and lasting reputational damage to affected institutions.

To defend against the threat, NCERT has urged organizations to take immediate precautions. These include updating all systems with the latest security patches, enabling multi-factor authentication, filtering malicious content, avoiding downloads from untrusted sources, training employees to recognize threats, and maintaining secure offline backups of critical data.

“Immediate isolation of any infected system and prompt reporting to the cybersecurity team are essential to prevent further spread,” NCERT emphasized.

With attacks still ongoing, the situation remains fluid. NCERT is coordinating closely with affected institutions and continues to monitor the national cybersecurity landscape for any further threats related to Blue Locker or other emerging ransomware variants.