Saudi Aramco Confirms Data Breach After $50m Ransom Demand


World’s largest oil producer Saudi Aramco confirms compromise of some of its data, after hacker demands $50 million ransom

Saudi Aramco has confirmed this week that some of its data has been compromised, after company data was leaked via a contractor.

According to the Financial Times, last month a cyber extortionist had claimed to have obtained a tranche of company data, and demanded a $50 million ransom from Saudi Aramco.

Now in a statement to the FT, the world’s largest oil producer confirmed the data leak, but insisted that its own systems had not been breached, and pointed to third-party contractors as being the source of the compromise.


Data compromise

Aramco said in a statement to the FT that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors”.

The oil company did not name the supplier or explain how the data were compromised.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cyber security posture,” Aramco added.

The statement came after a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco’s data, according to a post from June 23 seen by the Financial Times.

The hacker said they had obtained information on the location of oil refineries, as well as payroll files and confidential client and employee data.

In another post, the perpetrator offered to delete the data if Aramco paid $50m in Monero, a niche cryptocurrency that is particularly difficult for authorities to trace. The post also offered prospective buyers the chance to purchase the data for about $5m.

On the surface, the Aramco breach does not seem to be a ransomware issue, but rather an old-fashioned data breach in which company data was stolen.

The security vulnerabilities of critical industries such as oil producers, energy providers and others became a political issue at the highest level, following the ransomware compromise of Colonial Pipeline in the US earlier this year, which resulted in widespread fuel shortages across the east coast of America.

Previous attacks

Saudi Aramco’s facilities have been targeted previously by both physical and cyber attacks.

In 2019 its Abqaiq facility was hit by a series of missile and drone strikes that was claimed by Iran-backed Houthi rebels in Yemen. The US blamed Iran for the attack.

And in August 2012, Saudi Aramco struggled to recover its systems following a cyber attack that forced it to isolate all its electronic systems from outside access for a period of time.

The firm said that a virus had infected personal workstations without affecting the primary components of the network.

However it was later reported that the 2012 attack erased data on about three-quarters of Aramco’s computers.

The 2012 Saudi Aramco cyberattack was attributed to Iran – probably as a retaliation for the Stuxnet attack on Iran’s nuclear programme.