Hacker asks for 250 thousand XMR from oil company to return stolen files – CVBJ

Key facts:

Saudi Aramco attributes the theft of its files to a contractor.

The hacker has access to the refinery location and confidential customer and employee data.

Saudi Aramco, one of the world’s largest oil producers, reported that a hacker is demanding a payment of USD 50 million in monero (XMR) to return the files that were stolen last week. The sum is equivalent to approximately 250 thousand XMR. This cryptocurrency allows transactions to be carried out privately, without being traced.

The Financial Times newspaper, in its edition of today, July 22, 2021, expanded on this information. The news outlet notes that the hydrocarbon company confirmed that “some of the files had been leaked through a contractor, after a cyber extortionist claimed to have seized their data last month and demanded a $50 million ransom” in monero.

According to the newspaper, Saudi Aramco said it had “recently learned of the indirect release of a limited amount of company data that was held by contractors.” However, the company did not mention the name of the contractor, nor did it specify the way in which the data was involved in this situation.

We confirm that the data disclosure was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a strong cybersecurity posture.

Saudi Aramco.

According to what was reported by the British newspaper, the Saudi Aramco statement was made after a hacker claimed on the dark web that he had stolen 1 terabyte of data from the oil company. The hacker indicated that he had obtained information about the location of the “black gold” refineries, as well as payroll files and confidential data of customers and employees of the company, according to the June 23 publication to which this newspaper had access.

According to the aforementioned source, the hacker reportedly put that information up for sale for around USD 5 million.

Subsequently, the hacker promised to erase the data from the dark web if, in exchange, Saudi Aramco paid him $50 million in the cryptocurrency Monero, which, as has been said, is difficult for law enforcement authorities to trace.

Saudi Aramco (photo of its offices) says that the theft has no impact on its operations. Source: Wikipedia.

Does not appear to be a ransomware attack

Cyber researchers noted that it has still not been clarified who is behind these attacks on Saudi Aramco.

However, they indicated that this act does not appear to be related to a ransomware attack. Ransomware is defined as an attack carried out using malicious software (malware) to seize the data of a user or computer system and release it only after payment of a ransom.

The hacker has also not mentioned being part of a ransomware gang. “Instead, the hacker appeared to have seized a copy of the data without using malware, and created profiles on the dark web to report their activities,” the researchers say.

The US oil industry has also suffered recent cyberattacks

It is not the first time that the oil industry has suffered similar attacks. On May 7, 2021, there was a cyber attack on a US pipeline in Texas. As a consequence, there was a fuel shortage along the entire east coast of that country, and the attack exposed security vulnerabilities of energy companies, as CriptoNoticias reviewed on that occasion.

That attack was attributed to a group of hackers known as DarkSide, which is characterized by requesting payments in bitcoin (BTC) or in cryptocurrencies focused on privacy, such as Monero (XMR).

According to the data provided by the Ransomwhere platform, as of July 2021 ransomware losses already exceeded 60 thousand bitcoins, as this outlet reported.

A ransomware attack can target both companies and individuals, although the latter is usually less frequent.