Saudi Aramco Network Back Online After Cyber Attack

Oil giant Saudi Aramco says its network is back online after malware infected 30,000 of its workstations.

Those systems have now been cleansed and are back online, Aramco said, whilst its hydrocarbon exploration and production systems were unaffected. Production plants are also fully operational, as they were isolated, and databases remained intact.

“We addressed the threat immediately and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiraling,” said Khalid A. Al-Falih, president and CEO of Saudi Aramco.

“Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”

Whodunnit?

Al-Falih said Aramco was investigating who was responsible for the attack. The company blocked off outside access to its communication systems from 15 to 25 August after a virus spread across its machines.

Supposed hacktivists calling themselves the ‘Cutting Sword of Justice’ claimed to have been behind the attack, saying they would hit the company again on 25 August. That attack failed to materialise.

The hit on Aramco came just before security firms started warning of a new piece of malware called Shamoon or Disttrack, which was designed to infect a system’s Master Boot Record (MBR), making it un-bootable.

It was believed at least one organisation in the energy sector was hit by Shamoon, leading some to suggest Aramco could have been the victim. However, there was no validation of that claim and no response from Aramco at the time of publication.

Are you a security guru? Try our quiz!