By Mayank Sharma
Says attack wasn’t a typical ransomware campaign
Saudi Aramco has admitted to indirectly leaking sizable amounts of data pilfered from one of its third-party contractors in a cyberattack, which surprisingly doesn’t appear to involve the use of malware like ransomware.
In an emailed statement to the Financial Times, the world’s largest oil producer confirmed a breach had occurred earlier this week, but added that the incident did not originate on its computers and has had no impact on its operations.
The statement comes after cybersecurity experts noticed a dark web post claiming to offer one terabyte of Saudi Aramco data. The poster reportedly claimed to possess information on the location of oil refineries, as well as payroll files and confidential client and employee data.
Interestingly, while it is currently unclear who was behind the leak, according to reports, the attack on the unidentified contractor doesn’t appear to be part of a typical ransomware campaign.
Smash and grab
Experts noted that the seller who posted the exfiltrated data on the dark web did not mention affiliation with any ransomware operator, even as they demanded $50 million in cryptocurrency to delete the data.
Security experts have predicted an increase in cyberattacks on critical utilities and infrastructure following the successful campaign against the US-based Colonial Pipeline, prompting the country to spend billions to revitalize its security initiatives.
It isn’t clear whether Saudi Aramco or its contractor heeded the extortion demands, but since there’s no indication of any data being encrypted in the attack, the primary concern would have been to keep the information away from its competitors.
Via Financial Times
21 July, 2021
Saudi Arabia’s state oil giant acknowledged Wednesday that leaked data from the company – files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand – likely came from one of its contractors.
The Saudi Arabian Oil Company, better known as Saudi Aramco, told the Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”
The oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco said.
A page accessed by the AP on the darknet – a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools – claimed the extortionist held one terabyte worth of Aramco data. A terabyte is 1,000 gigabytes.
The page offered Aramco a chance to have the data deleted for $50 million in cryptocurrency, while another timer counted down from $5 million, likely in an effort to pressure the company. It remains unclear who is behind the ransom plot.
Aramco has been targeted before by a cyberattack. In 2012, the kingdom's oil giant found itself hit by the so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers.
US officials later blamed that attack on Iran, whose nuclear enrichment program had just been targeted by the Stuxnet virus, likely an American and Israeli creation.
In 2017, another virus swept across the kingdom and disrupted computers at Sadara, a joint venture between Aramco and Michigan-based Dow Chemical Company. Officials at the time warned it could be another version of Shamoon.
The sliver of Aramco that now trades publicly on Riyadh's Tadawul stock exchange stood at 34.90 riyals a share, or $9.30, after trading stopped last week for the Muslim holiday of Eid al-Adha. That puts the company's valuation at around $1.8 trillion, making it one of the world's most-valued companies.