Saudi Aramco, the world’s largest oil producer, confirmed Wednesday that some of its company’s files have been leaked because of a contract, after a cyber extortionist claimed to have seized some of his data on last month and asked the company for a $ 50 million ransom.
Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data that was held by third-party contractors.” The oil company did not call the supplier or explain how the data was compromised.
“We confirm that the release of data was not due to a breach of our systems, had no impact on our operations, and the company continues to maintain a robust cybersecurity stance,” adds Aramco.
The statement came after a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco data, according to a June 23 post seen by the Financial Times. The hacker said he obtained information about the location of the oil refineries, as well as pay slips and confidential data of customers and employees.
Elsewhere, the author offered to cancel the data if Aramco paid $ 50m in a Monero cryptocurrency crisis, which is particularly difficult for tracking authorities. The post also offers prospective buyers the opportunity to purchase the data for about $ 5m.
The oil giant has the capacity to pump more than one in every 10 barrels of crude oil into the global market and any threat to its security or its structure is closely monitored by oil traders and policy makers.
Security vulnerabilities in power companies and gas pipelines in particular have fallen under the spotlight recently after the U.S. Colonial Pipeline hijacker earlier this year led to a fuel shortage throughout. the east coast of the country.
It was unclear who was behind the Aramco incident. Cybercriminals have noted that the attack did not appear to be part of a ransomware campaign, where hackers use malware to capture user data or computer systems and release it only once the ransom has been paid. Not even the hacker claimed to be part of a known ransomware gang.
Instead, the hacker appeared to have taken a copy of the data without using malware, and created dark web profiles to telegraph its activities.
Saudi Aramco’s facilities have been targeted in the past by physical and cyber attacks.
In 2019, the Abqaiq processing facility in the eastern part of the country, which prepares most of the kingdom’s crude for export, was hit by a series of missile and drone strikes that the United States they accused Iran. World oil prices have risen until Saudi Arabia has been able to reassure markets that it could also export enough oil to keep customers well supplied.
In 2012 an alleged cyber attack on Saudi Aramco was also blamed on Iran. Cybersecurity experts said this was probably a revenge for Stuxnet’s attack on Iran’s nuclear program, which has been widely attributed to the United States and Israel.
The 2012 attack erased data on three-quarters of Aramco’s computers, according to him report at the moment, including spreadsheets, spreadsheets and emails. They were replaced with an image of a flaming US flag.
Saudi Aramco refineries, including the newly opened Jazan facility, which was listed in screenshots of the allegedly leaked data, have also been subjected to physical attacks by both drones and missiles, which have been claimed by Houthi rebels backed by the ‘Iran in Yemen. The Jazan refinery is in southwestern Saudi Arabia on the Red Sea, not far from the Yemen border.
Bulletin twice a week
Energy is the indispensable activity of the world and the Source of energy is its newsletter. Every Tuesday and Thursday, directly at your inbox, Fonte Energetica brings you essential news, advanced analysis and inside intelligence. Sign up here.