Saudi Aramco Confirms Data Leak amid Cyber Ransom Reports

Amin Nasser, president and chief executive officer of Saudi Aramco, speaks during the fourth edition of the Future Investment Initiative (FII) conference at the capital Riyadh's Ritz-Carlton hotel on January 27, 2021. - Saudi Arabia opened a two-day Davos-style investment forum, with dozens of global policy makers and business tycoons …
FAYEZ NURELDINE/AFP via Getty Images

Saudi Aramco confirmed on Wednesday that a “limited amount” of its company data held by third-party contractors was recently leaked amid reports that an unidentified extortionist is holding a terabyte of the Saudi Arabian oil giant’s data hostage and demanding a $50 million ransom for its deletion, the Associated Press (AP) reported.

Saudi Aramco “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors,” the state-run petroleum and natural gas firm, officially the Saudi Arabian Oil Co., told the AP on July 21.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” the oil giant added.

Saudi Aramco failed to clarify “which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way,” according to the AP.

The news agency said it recently accessed a webpage on the darknet that claimed an “extortionist held 1 terabyte worth of Aramco data. A terabyte is 1,000 gigabytes.”

“The page offered Aramco a chance to have the data deleted for $50 million in cryptocurrency, while another timer counted down from $5 million, likely in an effort to pressure the company. It remains unclear who is behind the ransom plot,” the AP revealed.

The news agency defined the darknet as “a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools.”

Saudi Aramco is the most valuable oil producer in the world and one of the most valued companies globally. It was last targeted by a cyberattack in 2012, by the “so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens,” the AP recalled on Wednesday.

The Shamoon virus “partially wiped or totally destroyed” 35,000 Saudi Aramco computers “in a matter of hours,” CNN Business detailed of the 2012 attack. “Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco’s ability to supply 10 percent of the world’s oil was suddenly at risk.”

The crippling cyber assault forced “one of the most valuable companies on Earth … back into 1970s technology, using typewriters and faxes,” according to the U.S.-based news site.

U.S. government officials later blamed Aramco’s 2012 cyberattack “on Iran, whose nuclear enrichment program had just been targeted by the Stuxnet virus, likely an American and Israeli creation,” the AP noted this week.

“The oil and gas industry, which includes the companies that own wells, pipelines and refineries, has long been a laggard in security spending,” Bloomberg reported on July 21, citing recent analyses by security consultants.

.

Please let us know if you're having issues with commenting.