Pakistan Petroleum Limited (PPL), an oil and gas exploration firm, has reported a ransomware attack on parts of its IT infrastructure, detected on August 6, 2025, but said the incident was swiftly contained with no compromise of critical systems or sensitive data.
The E&P disclosed the development in its notice to the Pakistan Stock Exchange (PSX) on Friday.
“We would like to apprise that Pakistan Petroleum Limited (PPL) recently identified a cybersecurity incident involving a ransomware intrusion targeting parts of its IT infrastructure,” PPL said in a statement.
The company shared that the event was detected on 6th August 2025, and PPL’s internal cybersecurity protocols were immediately activated.
“The IT and cybersecurity teams, in collaboration with external experts, took prompt and effective containment measures, including the temporary suspension of selected noncritical IT services as a precaution to limit potential impact and ensure the integrity of systems,” it said.
PPL secures 10-year lease for Sui Gas Field
PPL informed that the threat was “rapidly isolated” owing to the multi-layered cybersecurity framework it operates.
“There is no indication of business-critical or sensitive data being compromised. Core operational systems remain unaffected, without any disruption,” it said.
PPL shared that a ransomware note was received from an external actor.
“In accordance with legal requirements, the matter was reported to relevant law enforcement and regulatory authorities. Investigations are ongoing, in coordination with these agencies,” informed the company.
It stated that no contact was made with the hackers.
“Financial transactions (payments) were done manually, and purposely, the system was not used for transactions during the complete scan,” read the statement.
PPL shared that it remains committed to conducting a comprehensive forensic analysis to reinforce its cyber resilience.
“IT teams have worked diligently to restore full system functionality in a secure and phased manner. PPL attaches highest priority to safeguarding its digital infrastructure and remains focused on maintaining the trust of its stakeholders through timely action and proactive cyber risk management,” it said.
