Saudi Aramco Confirms $50MM Cyber Ransom Demand

(Bloomberg) -- Saudi Aramco confirmed that some company files were leaked after hackers reportedly demanded a $50 million ransom from the world’s most-valuable oil producer.

“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors,” the Middle Eastern oil major said Wednesday in an email. “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cybersecurity posture.”

The Associated Press reported earlier that 1 terabyte of Saudi Arabian Oil Co. data had been held by an extortionist, citing a web page it had accessed on the darknet. The state-owned driller was offered the chance to have the data deleted for $50 million in cryptocurrency, the AP said.

The global energy industry has seen a ramp up in cyber attacks with Colonial Pipeline becoming the most visible of late. The oil and gas industry, which includes the companies that own wells, pipelines and refineries, has long been a laggard in security spending, according to consultants.

In 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a hack against the oil giant that aimed to disrupt production from the world’s largest exporter of crude. The so-called “spear-phishing” assault destroyed more than 30,000 computers within hours. A spokesman for the Interior Ministry declined at the time to identify any of the “several foreign countries” from which the attack originated.

The Middle East has previously been a magnet for some of the world’s costliest hacks, PricewaterhouseCoopers LLP said in a 2016 report.

Energy companies from electric utilities, to power-grid operators to pipeline operators have warned that cyberattacks are becoming more and more prevalent. The largest U.S. power grid operator, PJM Interconnection LLC, has warned regulators that it’s facing increasing attacks.

© 2021 Bloomberg L.P.