Saudi Aramco confirms data leak after $50m cyber ransom

Saudi Aramco confirmed that some company files were leaked after hackers reportedly demanded a $50m ransom from the world’s most-valuable oil producer.

“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors,” the Middle Eastern oil major said on Wednesday in an e-mail. “We confirm that the release of data was not due to a breach of our systems, has no affect on our operations, and the company continues to maintain a robust cybersecurity posture.”

The Associated Press reported earlier that 1TB of Saudi Arabian Oil data had been held by an extortionist, citing a web page it had accessed on the darknet. The state-owned driller was offered the chance to have the data deleted for $50m in cryptocurrency, the AP said.

The global energy industry has seen a ramp up in cyberattacks with Colonial Pipeline becoming the most visible of late. The oil and gas industry, which includes the companies that own wells, pipelines and refineries, has long been a laggard in security spending, according to consultants.

In 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a hack against the oil giant that aimed to disrupt production from the world’s largest exporter of crude. The so-called spear-phishing assault destroyed more than 30,000 computers within hours.

A spokesperson for the interior ministry declined at the time to identify any of the “several foreign countries” from which the attack originated.

The Middle East has previously been a magnet for some of the world’s costliest hacks, PwC said in a 2016 report.

Energy companies including electric utilities, power-grid operators and pipeline operators have warned that cyberattacks are becoming more and more prevalent. The largest US power grid operator, PJM Interconnection, has warned regulators that it’s facing increasing attacks.

Bloomberg News. More stories like this are available on bloomberg.com