SAUDI ARAMCO IN THE RED
Saudi Aramco, the world’s largest oil production company and one of the largest by revenue, has been hit by a ransomware attack. The Arabian oil giant, ranked by Forbes as the 5th largest public company in the world, reported that 1TB of its data, stolen from an unnamed contractor, has been held to ransom on the Dark Web. The anonymous hackers said that they will delete the data if Saudi Aramco pays a ransom of $50 million in cryptocurrency. This shouldn’t be a problem for the company which, in 2020, had a turnover of $230 billion and an operating profit of $102 billion. Notwithstanding, Aramco did see its profits tumble by 45% last year to the impact of the coronavirus pandemic on transport and international travel.
WHAT SAUDI ARAMCO SAID…
Aramco, along with many other of its counterparts, has long been criticized for its lackadaisical approach to cybersecurity. However, the company believes that it has bullet-proof anti-hacking strategies in place, and told the BBC:
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture.”
From my experience, there isn’t an IT system in the world that is bulletproof. Cybercriminals are clever, manipulative and determined, more so than ever. Where there’s a will, or least money, they’ll find a way.
WHAT ABOUT THE $4 MILLION?
Saudi Aramco wasn’t the only oil company to get lynched this year. In May, Colonial Pipeline, a Texas-based oil pipeline system that sends fuel to the Southeastern United States was subject to a ransomware attack. It paralyzed the IT managing the pipeline, caused supplies to be suspended, and spread fears of fuel shortages. It took less than 2 hours for the hackers to gain control of more than 100 GB of data. The suspected hackers, DarkSide, based in Eastern Europe, demanded 75 bitcoin or $4.4 million.
Colonial Pipeline paid and the cybercrooks sent the company a software application so that the network could be restored. The firm’s CEO, Joseph Blount said it was:
“the right thing to do for the country.”
The Department of Justice later announced that $2.3 million of the ransom money had been recovered. This was the largest cyberattack on the IT of an oil infrastructure company in the history of the United States.