Saudi Aramco Oil Company Says It Fought Off Malware Attack

Saudi Aramco, the national oil company of Saudi Arabia, has cleaned its workstations and resumed operations after a malware attack struck the company’s systems, according to company officials.

On Aug. 15, the company was hit with a cyber-attack, and in response it disconnected its electronic systems from the Internet. Sunday, the company said the roughly 30,000 workstations impacted by the attack have been cleansed and restored to service.

“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber-threats from spiraling,” Khalid A. Al-Falih, president and CEO of Saudi Aramco, said in a statement.

“Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” he added.

The company confirmed that its primary enterprise systems of hydrocarbon exploration and production were unaffected because they operate on isolated networks, as do the control systems of the production plants. The exploration, production, exports, sales, distribution operation, financial and human resources systems and databases also function on isolated systems and were unaffected.

Researchers have said the malware attack may be linked to the Shamoon malware. Last week, Eugene Kaspersky, CEO of Kaspersky Lab, tweeted that the date and time hard-coded into Shamoon matched the date and time mentioned in a Pastebin post by a group named Cutting Sword of Justice that took credit for the attack on Aramco. But just who was behind the attack remains a mystery, as other posts indicating a crew called the Arab Youth Group may be involved. Others have speculated that the attack may not be the work of hacktivists at all, but may have been a state-sponsored activity.

The Saudi Aramco CEO said that the company continues to investigate the causes of the incident and those responsible for it.

“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” he said. “There is no doubt whatsoever about Saudi Aramco meeting its commitments to its customers worldwide.”