Saudi Aramco, the world's largest oil company, has been targeted in a ransomware attack, with a $50 million ransom payment demanded.
According to multiple reports, Saudi Aramco has had a data leak in which one terabyte (TB) of the company’s data was collected by hackers, who are demanding $50 million from Aramco to delete the data. The data is now being offered on the dark web for a negotiable starting price of $5 million.
Although Saudi Aramco noted that there was no breach of its systems and said the attack had no impact on its operations, the global oil and gas industry has long been criticised for failing to invest in cybersecurity.
Saudi Arabia's state oil company acknowledged the data leak yesterday, stating that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”
The company did not disclose details of the third-party contractor, and it did not confirm whether the contractor was hacked or whether the information was obtained through another source.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Saudi Aramco added.
A group called ZeroX is taking credit for the attack. ZeroX claims on a dark web page that it holds 1 terabyte of data from the company and is threatening to release the stolen data if the ransom is not paid.
ZeroX said the attack involved hacking Aramco’s “network and its servers” in 2020 and told Bleeping Computer that the attack vector involved “zero-day exploitation,” meaning exploitation of a vulnerability that had not been discovered before.
The perpetrators offered Aramco an opportunity to have the data deleted for $50 million in cryptocurrency, while another timer counted down from $5 million, which is likely an effort to pressure the company.
This is not Aramco’s first rodeo with hackers, as the company was a victim of a cyberattack in 2012. The company was attacked by a computer virus called “Shamoon.” The virus erased hard drives and afterwards displayed a picture of a burning American flag on computer screens. The attack was costly to Aramco, as it had to shut down its network and destroy over 30,000 computers.
The oil and gas industry, which includes companies that own wells, pipelines, and refineries, has failed to invest in cybersecurity over the years, according to experts. This was highlighted during a ransomware attack on the Colonial Pipeline earlier this year.