Saudi Aramco confirms knowledge leak after $50 million cyber ransom demand

Saudi Aramco confirms knowledge leak after $50 million cyber ransom demand

Enlarge / The Hawiyah Pure Fuel Liquids Restoration Plant, operated by Saudi Aramco, in Hawiyah, Saudi Arabia, on Monday, June 28, 2021.

Bloomberg | Getty Photos

Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that a few of its firm recordsdata had been leaked by way of a contractor, after a cyber extortionist claimed to have seized troves of its knowledge final month and demanded a $50 million ransom from the corporate.

Aramco mentioned in an announcement that it had “just lately turn into conscious of the oblique launch of a restricted quantity of firm knowledge which was held by third-party contractors.” The oil firm didn’t title the provider or clarify how the info have been compromised.

“We verify that the discharge of knowledge was not as a result of a breach of our programs, has no affect on our operations, and the corporate continues to take care of a sturdy cyber safety posture,” Aramco added.

The assertion got here after a hacker claimed on the darkish net that that they had stolen 1 terabyte of Aramco’s knowledge, based on a submit from June 23 seen by the Monetary Occasions. The hacker mentioned it had obtained info on the placement of oil refineries, in addition to payroll recordsdata and confidential shopper and worker knowledge.

In one other submit, the perpetrator provided to delete the info if Aramco paid up $50 million in a distinct segment cryptocurrency Monero, which is especially tough for authorities to hint. The submit additionally provided potential patrons the possibility to buy the info for about $5 million.

The oil big has the capability to pump a couple of in each 10 barrels of crude within the world market and any threats to its safety or amenities are intently watched by oil merchants and policymakers.

The safety vulnerabilities of vitality firms and pipelines particularly have fallen beneath the highlight just lately after the hack of the Colonial Pipeline within the US earlier this yr resulted in gas shortages throughout the east coast of the nation.

It was unclear who was behind the Aramco incident. Cyber researchers famous that the assault didn’t look like a part of a ransomware marketing campaign, the place hackers use malware to grab a customers’ knowledge or pc programs and solely launch it as soon as a ransom has been paid. Nor did the hacker declare to be a part of a identified ransomware gang.

As a substitute, the hacker appeared to have seized a replica of the info with out utilizing malware, and arrange darkish net profiles to telegraph its actions.

Saudi Aramco’s amenities have been focused prior to now by each bodily and cyber assaults.

In 2019 the Abqaiq processing facility within the japanese a part of the nation, which prepares nearly all of the dominion’s crude for export, was hit by a collection of missile and drone strikes that the US blamed on Iran. International oil costs soared till Saudi Arabia was in a position to reassure markets it may nonetheless export sufficient oil to maintain clients effectively equipped.

In 2012 an alleged cyber assault on Saudi Aramco was additionally blamed on Iran. Cyber safety specialists have mentioned this was most likely a retaliation for the Stuxnet assault on Iran’s nuclear program, which has been broadly attributed to the US and Israel.

The 2012 assault erased knowledge on about three-quarters of Aramco’s computer systems, based on studies on the time, together with recordsdata, spreadsheets and emails. They have been changed with a picture of a burning US flag.

Saudi Aramco refineries, together with the newly opened Jazan facility, which was listed in screenshots of the allegedly leaked knowledge, have additionally been topic to bodily assaults each from drones and missile strikes, which have been claimed by Iran-backed Houthi rebels in Yemen. The Jazan refinery is in Saudi Arabia’s southwest on the Crimson Sea, not removed from the Yemen border.

The extortion try was first reported by the Related Press.

© 2021 The Monetary Occasions Ltd. All rights reserved To not be redistributed, copied, or modified in any method.

Source link