The oil giant has already been the victim of both physical and cyber attacks on its facilities

$50m ransom demanded from Saudi Aramco over data leak


Saudi Aramco, the Saudi oil company, has suffered a leak of sensitive company files. The company attributes the leak to a contractor and distances itself from one of the main hypotheses, namely that the theft resulted from an attack on its computer systems. The ransom demand totals $50 million, and the company has not yet confirmed whether its systems were hacked or the data was leaked some other way.

"We confirm that the data release was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a strong cyber security posture," the company told the Associated Press.


The statement comes after a hacker claimed on the Deep Web that he had managed to steal 1 terabyte, or 1,000 gigabytes, of Aramco's data. According to the statement he issued, he was able to obtain information on the location of oil refineries, employee payroll files and confidential customer and employee data.

The hacker offered to delete the data he had obtained from Aramco if he was paid $50 million in cryptocurrency, which is difficult for the authorities to trace. The leaked information has also been offered for sale for a total of $5 million.


It is still unclear who is behind the attack on Aramco. Cyber investigators believe that the attack did not appear to involve ransomware, a type of malware that, upon gaining entry to a computer, gives the hacker the ability to lock the device, encrypt files and take away the user's control over their stored data and personal information. If the victims want to use the files again, the hacker demands a ransom in exchange for removing the access restriction. If they refuse, the cybercriminals can make the encrypted information public.

In this vein, research suggests that the hacker managed to get a copy of the data without using malware and managed to set up Deep Web profiles to track their activities, which is believed to have been done through a contractor.


In 2020, this type of attack was the number one security threat to businesses and governments, and according to the Global Threats Report, ransomware is expected to continue to be a major security threat in 2021.

This is not the first time the company has been the victim of both physical and cyber attacks. In 2019, one of the processing plants that prepares most of the crude for export was damaged after a series of missile attacks allegedly carried out by Iran, according to the US.


In 2012, Iran was once again in the spotlight after a cyber attack via the Shamoon virus, a ransomware that managed to erase data from approximately three quarters of Aramco's computers. The deleted files, emails and spreadsheets were replaced with images of the American flag in flames. The attack is believed to have been a form of retaliation for the Stuxnet attack on Iran's nuclear programme, an aggression blamed on the US and Israel. In this offensive, more than 30,000 computers had to be shut down.

In 2017, another virus reportedly managed to disrupt the computers of the Sadara project, a joint venture between Aramco and The Dow Chemical Company in Michigan, through another version of the Shamoon virus. This type of virus has the ability to spread from an infected computer to all other computers on the network.

Similarly, Saudi Aramco's refineries, including the recently opened Jazan facility, are not only among the facilities that have suffered massive data theft, but have also been the target of physical attacks by both drones and missiles, which have been claimed by Iranian-backed Houthi rebels in Yemen. This refinery is located in the southwest of Saudi Arabia on the Red Sea, close to the Yemeni border.  
