Oil & Gas
Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.
Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.
April 10, 2022: Oil India Ltd. Hackers Demand US$7.5M Ransom Payment
A cyberattack on Oil India Limited (OIL) led the energy giant to disable its IT systems at its headquarters in Assam’s Dibrugarh district. OIL server, network and other related services are affected. OIL spokesperson Tridiv Hazarika told ET, "data is secured, as per protocol, we disabled our systems. Infected computers are being checked. Our SAP is running and hence operations are going on smoothly. " He added, "our IT department will restore computers phase wise. Computers are put out of lan (local area network). Our drilling activities are going on without interruption. "
A senior police official said that it was Russian malware planted from a server in Nigeria. The cyber attacker has demanded US$ 7500000 as a ransom through a note from the infected PC.
August 31, 2022: Eni, Italian Oil Giant, Suffers Cyberattack
Italian oil company Eni’s computer networks suffered a cyberattack – and a possible ransomware attack – but the company appeared to have caught it in time, officials said Wednesday.
Eni disclosed a security breach, threat actors gained access to its network, but according to the company the intrusion had minor consequences because it was quickly detected.
“The internal protection systems have detected unauthorized access to the corporate network in recent days,” a spokesperson for the company said.
March 11, 2022: German Subsidiary Of Russia’s Rosneft Hacked
The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said Monday.
The hacker group Anonymous is claiming responsibility, according to a report from the French wire service, AFP. Rosneft Deutschland reported the incident in the early hours of Saturday morning, the BSI said.
Anonymous published a statement Friday claiming responsibility for the attack saying it had captured 20 terabytes of data. Prosecutors in Berlin have opened an investigation, according to a report in Der Spiegel magazine.
January 29, 2022: German Oil Tank Farm Shut Down
German tank logistics company Oiltanking fell victim to a cyber attack Saturday which shut down the loading and unloading of the company’s tank farms.
The company confirmed the attack to the publication “Handelsblatt” Monday. The attack also affected the mineral oil trader Mabanaft, like Oiltanking, a subsidiary of the Hamburg, Germany, group Marquard & Bahls.
An Oiltanking spokesperson said: “On Saturday 29 January 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems.
January 27, 2022: Oil Terminals In Europe Suffer Cyberattack
Major oil terminals in Western Europe’s largest ports have fallen victim to a cyberattack, sources confirmed.
Belgian prosecutors launched an investigation into the hacking of oil facilities in the country’s maritime entryways, including Antwerp, Europe’s second largest port after Rotterdam. In Germany, prosecutors said they were investigating a cyberattack targeting oil facilities in what was described as a possible ransomware strike, in which hackers demand money to reopen hijacked networks.
December 12, 2021: Gas Supplier Hit In Ransomware Attack
Toronto, Canada-based Superior Plus Corp. revealed the company suffered a ransomware attack Sunday, which had an impact on the firm’s computer systems.
Upon learning of the incident, the company said it took steps to secure its systems and mitigate the impact on its data and operations. Superior retained independent cybersecurity experts to help deal with the matter in accordance with industry best practices.
Superior temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online.
June 23, 2021: Saudi Aramco Data Breach
Saudi Aramco, the state oil company of Saudi Arabia, was the focus of a $50 million data breach.
Aramco is describing the attack as an indirect release of a limited amount of company data held by third-party contractors. Saudi Aramco said there was no breach of its systems and said the attack had no impact on its operations. However, it became aware of the indirect release of a limited amount of company data which was held by third-party contractors.
A listing for the stolen data was posted on June 23.
Colonial Pipeline, which operates a major pipeline system that transports fuel across the East Coast, fell victim to a ransomware attack Friday and halted all pipeline operations while it dealt with the incident, company officials said. Colonial Pipeline did not say what was demanded or who made the demand. Ransomware attacks are typically carried out by criminal hackers who seize data and demand a large payment in order to release it.
UPDATE: The FBI has established that the DarkSide is to blame for the assaults. The DarkSide appears to be unaffiliated with any nation-states, claiming in a statement that "our purpose is to generate money [not to create] issues for society" and that it is apolitical. DarkSide announced its closure in the aftermath of the pipeline assault.
February 21, 2021: Oil Drilling Company, Gyrodata, Hit By Ransomware
On February 21, Gyrodata discovered it was the target of a ransomware attack. In response, the company immediately took steps to secure its systems, launched an investigation, and a cybersecurity firm was engaged to assist with its investigation.