Saudi Arabia’s state oil company acknowledged that some of its data is being held for ransom online. Aramco said it likely came from a third-party contractor, denying there’s been any breach of its computer systems.
The company confirmed to AP on Wednesday it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.” The contractor was not identified, and it was unclear whether the data was obtained through hacking or leaking or some other way.
A website on the dark web claims to sell data from Saudi Aramco
Proof includes 34 mid-res images.
Screenshots with PII are redacted, making verification impossible. pic.twitter.com/BP8C2GeOQk
— Catalin Cimpanu (@campuscodi) July 19, 2021
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco said in a statement.
Files purported to belong to the company began appearing on ‘dark web’ sites on Tuesday, along with a demand for $50 million worth of cryptocurrency to have the data deleted. It was unclear who was demanding the ransom.
Aramco is valued at around $1.8 trillion. The company has been targeted by cyberattacks in the past, for which the US and Saudi Arabia blamed Iran. In 2017, a virus disrupted computers at Sadara, a joint venture between Aramco and the US-based Dow Chemical Co. Officials claimed it might have been another version of Shamoon, the virus that in 2012 forced the Saudi oil giant to shut down its network and destroy some 30,000 computers.