DUBAI, United Arab Emirates — Saudi Arabia’s state oil giant acknowledges that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.
The Saudi Arabian Oil Co., better known as Saudi Aramco, tells The Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”
The oil firm doesn’t say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco says.
A page accessed by the AP on the darknet — a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools — claims the extortionist holds 1 terabyte worth of Aramco data. A terabyte is 1,000 gigabytes.
The page offers Aramco a chance to have the data deleted for $50 million in cryptocurrency, while another timer counted down from $5 million, likely in an effort to pressure the company. It remains unclear who is behind the ransom plot.
Aramco has been targeted before by a cyberattack. In 2012, the kingdom’s oil giant found itself hit by the so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers.
US officials later blamed that attack on Iran, whose nuclear enrichment program had just been targeted by the Stuxnet virus, likely an American and Israeli creation.