Saudi Aramco confirms data breach after US$50 million cyber ransom demand


Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company documents had been leaked through contractors, after a cyber extortionist claimed to have stolen a large amount of its data last month and demanded that the company pay a ransom of US$50 million.

Saudi Aramco said in a statement that it “recently realized that it has indirectly released a limited amount of company data held by third-party contractors.” The oil company did not name the supplier or explain how the data was leaked.

“We confirm that the release of the data is not due to damage to our system and has no impact on our operations. The company continues to maintain a robust cyber security posture,” Saudi Aramco added.

According to a June 23 post seen by the Financial Times, a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco’s data and then issued a statement. The hacker stated that they had obtained information about the location of the refinery, as well as payroll files and confidential customer and employee data.

In another post, the perpetrator offered to delete the data if Saudi Aramco paid $50 million in Monero, a niche cryptocurrency that is particularly difficult for the authorities to track. The post also offered potential buyers the opportunity to purchase the data for approximately US$5 million.

The oil giant has the ability to pump more than one in every 10 barrels of crude oil on the global market, and oil traders and policymakers pay close attention to any threats to its safety or facilities.

In particular, the security vulnerabilities of energy companies and pipelines have come under the spotlight recently, after the Colonial Pipeline in the United States was hacked earlier this year, causing fuel shortages on the country’s east coast.

It is not clear who is behind the Saudi Aramco incident. Network researchers pointed out that this attack does not appear to be part of a ransomware campaign, in which hackers use malicious software to seize user data or computer systems and only release them after a ransom is paid. The hacker also did not claim to be a member of a known ransomware group.

Instead, the hacker appeared to have obtained a copy of the data without using malware and set up a dark web profile to telegraph his activities.

Saudi Aramco’s facilities have been the target of physical and cyber attacks in the past.

In 2019, the Abqaiq processing plant in the east of the country, which prepares most of the country’s crude oil for export, was hit by a series of missile and drone attacks that the United States blamed on Iran. Global oil prices soared until Saudi Arabia was able to reassure the market that it could still export enough oil to keep its customers supplied.

In 2012, an alleged cyber attack on Saudi Aramco was also blamed on Iran. Cybersecurity experts said that this may have been retaliation for the Stuxnet attack on Iran’s nuclear program, which has been widely blamed on the United States and Israel.

According to reports at the time, the 2012 attack deleted approximately three-quarters of Aramco’s computer data, including documents, spreadsheets, and e-mails. They were replaced by images of burning American flags.

Saudi Aramco refineries listed in a screenshot of the allegedly leaked data, including the newly opened Jazan facility, have also been subject to physical attacks by drones and missiles, which have been claimed by Iranian-backed Yemeni Houthi insurgents. The Jazan oil refinery is located on the Red Sea in the southwest of Saudi Arabia, not far from the border with Yemen.
