Oil & Gas

The announcement on gov.br websites states systems are unavailable due to an attempted cyberattack that took place last Thursday (4/8). As a security measure, all systems were taken offline to assess the risks to the Agency's cyber security. Among the unavailable systems are the weekly price survey, the Systems for Recording Documents at Dealer Stations (SRD-PR) and at LPG Dealers (SRD-GLP). The Electronic Information System (SEI), among others, were also unavailable.

Rompetrol, a Romanian gas station chain and part of KMG International, has confirmed it was subject to a “complex cyber-attack”. The company suspended operations of its website and its Fill&Go service at its gas stations. Operations at the gas stations remain normal with payment accepted by either cash or card. The company noted that the activity at Petromidia refinery, the largest oil refinery in Europe and operated by Rompetrol, has not been affected.

Romania’s National Cyber Security Directorate (DNSC) had been notified on 7 March by Rompetrol of the complex cyber-attack. As of 9 March, the Rompetrol.ro website remains unreachable.

"Evos said it had suffered delays at its terminals in Terneuzen in the Netherlands, Ghent in Belgium and Malta." The company admitted to having several port terminals hit in multiple countries simultaneously: Terneuzen in The Netherlands; Ghent in Belgium and Birzebbuga in Malta. They only admitted to delays, not a complete shutdown. The Malta facility was acquired from Oiltanking last year, and could be subject to similar vulnerabilities.

Oiltanking Deutschland and Mabanaft, two German oil companies, were also hit by cyberattacks. Unconfirmed reports suggest that BlackCat ransomware may have compromised systems at these recent attacks.

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.
Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.

A cyberattack on Oil India Limited (OIL) led the energy giant to disable its IT systems at its headquarters in Assam’s Dibrugarh district. OIL server, network and other related services are affected. OIL spokesperson Tridiv Hazarika told ET, "data is secured, as per protocol, we disabled our systems. Infected computers are being checked. Our SAP is running and hence operations are going on smoothly. " He added, "our IT department will restore computers phase wise. Computers are put out of lan (local area network). Our drilling activities are going on without interruption. "

A senior police official said that it was Russian malware planted from a server in Nigeria. The cyber attacker has demanded US$ 7500000 as a ransom through a note from the infected PC.

Italian oil company Eni’s computer networks suffered a cyberattack – and a possible ransomware attack – but the company appeared to have caught it in time, officials said Wednesday.
Eni disclosed a security breach, threat actors gained access to its network, but according to the company the intrusion had minor consequences because it was quickly detected.
“The internal protection systems have detected unauthorized access to the corporate network in recent days,” a spokesperson for the company said.

The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said Monday.
The hacker group Anonymous is claiming responsibility, according to a report from the French wire service, AFP. Rosneft Deutschland reported the incident in the early hours of Saturday morning, the BSI said.
Anonymous published a statement Friday claiming responsibility for the attack saying it had captured 20 terabytes of data. Prosecutors in Berlin have opened an investigation, according to a report in Der Spiegel magazine.

German tank logistics company Oiltanking fell victim to a cyber attack Saturday which shut down the loading and unloading of the company’s tank farms. The company confirmed the attack to the publication “Handelsblatt” Monday. The attack also affected the mineral oil trader Mabanaft, like Oiltanking, a subsidiary of the Hamburg, Germany, group Marquard & Bahls. Port services and tank farms were unable to unload bulk oil, and fuel could not be loaded onto trucks at depots and distributed across the country.

Oiltanking operates fuel terminals at ports internationally. Mabanaft distributres fuel to 26 companies and 2,000 Shell stations from a network of 13 fuel tank farms across Germany. Both units declared 'Force Majeure' after the attack prevented them from operating.

Major oil terminals in Western Europe’s largest ports have fallen victim to a cyberattack, sources confirmed.
Belgian prosecutors launched an investigation into the hacking of oil facilities in the country’s maritime entryways, including Antwerp, Europe’s second largest port after Rotterdam. In Germany, prosecutors said they were investigating a cyberattack targeting oil facilities in what was described as a possible ransomware strike, in which hackers demand money to reopen hijacked networks.

Toronto, Canada-based Superior Plus Corp. revealed the company suffered a ransomware attack Sunday, which had an impact on the firm’s computer systems.
Upon learning of the incident, the company said it took steps to secure its systems and mitigate the impact on its data and operations. Superior retained independent cybersecurity experts to help deal with the matter in accordance with industry best practices.
Superior temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online.