Ransomware attack on Saudi Aramco leaks critical data


Oil company Saudi Aramco, which produces oil and fossil fuel through drilling technologies, has confirmed that a ransomware group infiltrated the servers of one of its contractors last month and obtained over 1TB of data, which is now for sale on the dark web.

The company spokesperson also disclosed that the ransomware gang was demanding $50 million in Monero cryptocurrency to delete the data on its servers, which would also end the sale of the data on the dark web.

According to a press release from Associated Press, the Saudi Arabia-based petroleum producer was hit by a cyber attack in 2012, in which the company’s servers were targeted by malware named ‘Shamoon’ via a ‘spear phishing’ attack deceptively launched by Iran. Within an hour or two, over 30,000 servers were destroyed by the malware, disrupting some of the company’s critical operations for weeks at that time.

Aramco, which is one of the largest oil suppliers in the Middle East, said that no data related to customers or staff was leaked in the recent cyber incident, thanks to the robust cybersecurity posture maintained by the company’s IT staff.

Saudi Aramco Oil and Refineries Company hasn’t revealed details of the ransomware gang that targeted its server farm, for reasons best known to the company.

Note: Usually, a ransomware gang encrypts data until a ransom is paid. However, some notorious ransomware gangs such as REvil, DoppelPaymer, Conti, CLOP, Egregor, Babuk, Ragnar and others are known to first steal a portion of the data from the victim’s servers and then encrypt it until a ransom is paid.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.