Breaking News: $50M Ransom Demand on Saudi Aramco

Contributed by Justice Anyai, Office of the CTO, Check Point Software

The Financial Times reported on July 21st that Saudi Aramco, the largest oil producer in the world, is currently facing a ransomware payment demand. The cyber extortionist behind this attack has demanded a payment of $50M to an undisclosed cryptocurrency wallet, or else troves of data will be made public.

Saudi Aramco has acknowledged and confirmed the story, but also stated that the leak affected a limited amount of company data. As with other recently publicized cyberattacks, the attack originated with a third-party contractor and was not a direct attack on the company's own IT systems. The company further added that it has maintained an effective cyber security posture, but the question remains: “How were threat actors able to exploit a third-party contractor's system to access Saudi Aramco’s data?”

The recent spike in supply chain attacks follows the same pattern as this one. Several factors are involved, but one key factor has been the rise of the current cyber pandemic. Attackers are increasingly choosing attack vectors that target not the victim organization directly but its third-party IT contractors, which are usually trusted entities. The increase in cloud adoption and use of mobile platforms has made security even more challenging and complicated. Major organizations such as Saudi Aramco rely on third-party contractors to manage certain platforms, citing skillset gaps, the complex nature of these disruptive technologies, and the COVID-19 pandemic, which has pressed organizations to adopt digital technologies faster than planned.

In my opinion, implementing a holistic security strategy across all IT platforms is a key step to addressing this issue, including the need to conduct effective due diligence on third-party contractors. The whole idea is to make it difficult for a cyberattack to be successful, or to reduce the blast surface by ensuring that only a very limited section of your systems is affected.

For example, I firmly recommend that you implement an Identity and Access Management strategy that incorporates least privilege and Zero Trust across all IT platforms, automate your threat prevention capabilities, and incorporate segmentation, among other best practices. Be sure to consider these recommendations in light of your organization’s specific business strategies.