Saudi Aramco, the world’s largest oil exporter, has confirmed that one of its contractors likely exposed data from company files that are now being utilized in a cyber-extortion attempt including a $50 million ransom demand.
The company said that it “only recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors. We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture.”
According to reports, a hacker on the dark web, which is a section of the internet kept within an encrypted network and accessible only through specific anonymity-providing software, stated the extortionist obtained 1 terabyte of Aramco data. The hacker claimed to have gained information on oil refinery locations, as well as payroll files and secret client and staff information.
The attacker offered to destroy the data if Aramco paid $50 million in cryptocurrency Monero, which is notably difficult to track. The data was also available for $5 million to interested bidders, according to a post by the attacker on the dark web.
Saudi Arabia in 2017 formed the National Cybersecurity Authority (NCA) to curb cyber attacks. It has also implemented strong laws that companies that aim to conduct business with Saudi Aramco and register with them have to follow all of the rules outlined in the Cybersecurity Compliance Certificate (CCC) Program to ensure that all Saudi Aramco third parties meet the cybersecurity criteria outlined in the Third Party Cybersecurity Standard (SACS-002).
Earlier this year, Saudi Aramco had signed an agreement with KPMG, the leading cybersecurity provider, to examine cybersecurity compliance among its third-party suppliers.
According to a 2018 report, the financial impact of cyber-attacks in the Arabian Gulf in 2017 was estimated to be more than $1 billion. In 2020, the cost of a data breach increased by 9.4 percent across a sample of companies in the UAE and Saudi Arabia, costing them $6.53 million per breach.
In August 2012, the largest cyber-attack against Aramco happened when the Shamoon virus infected over 30,000 computers in an attempt to halt oil and gas production at the world’s prominent OPEC exporter.