Saudi Aramco said it was the target of a $50 million ransomware attack. Indeed, the Company’s confirmation came on Wednesday in a conversation with the Associated Press staff.
Read more of our news content, here; Schlumberger issues optimistic forecast for the rest of the year
Accordingly, Saudi Aramco told the news service that hackers accessed its data, thus turning into the target of a “cyber-extortion” campaign. The Company also said it “recently became aware of the indirect release of a limited amount of company data; which indeed, was held by third-party contractors.”
About the cyber attack
In fact, and it is worth noting, the Associated Press reported Wednesday that it conducted research to access a webpage on the so-called darknet. There, the news service found an anonymous and heavily encrypted network showing the perpetrators of the cyberattack.
Moreover, the media platform reported that those perpetrators held one terabyte (1,000 gigabytes) worth of Saudi Aramco data. As a result, the hackers would delete this information in exchange for $50 million in cryptocurrency.
Saudi Aramco – “no impact.”
Indeed, Saudi Aramco noted that data release was not due to a breach of its systems. Besides, the Company underscored that the attack has no impact on its operations, so it maintains a robust cybersecurity posture.
It is worth noting that Cybersecurity issues are steadily emerging as a viable threat to national infrastructure. Some examples include the recent attack (in May) on Colonial Pipeline, a US network that supplies half of the East Coast demand for refined petroleum products. As a result, part of the pipeline company’s recovery operations included payment in cryptocurrency; however, the government later recovered this amount of money.
Lastly, and notably, this week, the US Department of Homeland Security issued mandates for pipeline owners and operators that call for mitigation measures against cybersecurity threats. Besides, they must develop recovery plans, as well as report the performance of regular cybersecurity reviews.