Saudi Aramco has reportedly confirmed that hackers leaked some of the company files. The hackers demanded a $50 million ransom in cryptocurrency to the company, according to reports.
However, the company denied this cyber incident as a breach of its systems and the data leak was related to third-party contractors.
“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors,” said the company.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cybersecurity posture,” the oil major said in response to a media query.
Hacker on the darknet claimed to hold around one terabyte of data of Saudi Aramco. The hacker has demanded the company to have the data deleted for $50 million in cryptocurrency, according to media reports.
Probably, Saudi Aramco’s data hack is the second major ransomware cyberattack on oil and gas companies this year so far.
In May this year, the American fuel supply pipeline system Colonial Pipeline suffered a ransomware cyberattack. This major attack took down the computerized equipment managing the pipeline that resulted in a shortage of oil and gas supplies on the East Coast of the US.
A recent report from cybersecurity solutions provider Trend Micro has warned against the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities.
Industrial Control Systems (ICS) are a crucial element of utility plants, factories and other facilities to monitor and control industrial processes across IT-OT networks.
The oil and gas companies are heavily dependent on ICS for managing their operations and facilities. If ransomware attacks these systems, it could halt the operations for days.
Such attacks result in increasing the risks of data theft of designs, programs and other sensitive documents. And cybercriminals could put the stolen data for sale on the dark web.