Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label $50 Million. Show all posts

USD 50 Million Ransom Demanded from Saudi Aramco Over Leaked Data

 

Saudi Arabia's state oil firm admitted on Wednesday that data from the corporation was leaked and that the files are now being used in a cyber-extortion effort including a USD 50 million ransom demand. The data was presumably leaked by one of the company's contractors. Saudi Aramco, the Saudi Arabian Oil Co., notified The Associated Press that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."

Saudi Aramco is a public Saudi Arabian oil and gas enterprise headquartered in Dhahran. It is expected to be one of the world's most profitable corporations as of 2020. Saudi Aramco has the world's second-biggest proven crude oil reserves, with about 270 billion barrels (43 billion cubic metres), as well as the world's greatest daily oil production. 

The Master Gas System, operated by Saudi Aramco, is the world's biggest single hydrocarbon network. It handles about one hundred oil and gas fields in Saudi Arabia, including 288.4 trillion standard cubic feet (scf) of natural gas reserves, and its crude oil production totaled 3.4 billion barrels (540 million cubic metres) in 2013. The Ghawar Field, the world's largest onshore oil field, and the Safaniya Field, the world's largest offshore oil field, are both operated by Saudi Aramco. 

The oil company did not specify which contractor was affected, nor did it clarify whether the contractor was hacked or if the information was released in some other way. "We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," Aramco said. 

The AP found a page on the darknet, a section of the internet kept behind an encrypted network and accessible only through specific anonymity-providing tools, that claimed the extortionist had 1 terabyte of Aramco data. The page offered Aramco the chance to have the data destroyed for USD 50 million in cryptocurrency, with a countdown counting down from USD 5 million, most likely to put pressure on the corporation. It's still unknown who's behind the ransom plot. 

Aramco has previously been the victim of cyber-attacks. The so-called Shamoon computer virus, which destroyed hard drives and then flashed a picture of a burning American flag on computer displays, affected the oil behemoth in 2012. Aramco was compelled to shut down its network and destroy over 30,000 machines as a result of the attack. Later, US officials blamed the strike on Iran, whose nuclear enrichment programme had just been targeted by the Stuxnet virus, which was most likely created by the US and Israel.

Ransomware Attack by REvil on Apple, Demands $50 Million

 

While Apple was working on the preparations for the 'Spring Loaded' event that went live on Tuesday, 20th April, the company requested a settlement to prevent its next-gen equipment data from being leaked. The REvil Group, also identified as SODINOKIBI, said that it had been able to access the computer network of Apple's Quanta Computer, and has requested $50 million to decrypt its systems, via the Dark Web. Quanta Computer is a major MacBook Air, MacBook Pro supplier. 

The operator of REvil published a blog on its dark website that goes by the name – 'Happy Blog' claiming that Quanta Computer is being a target of a ransomware attack. 

Even though the Hacker Group initially tried to negotiate an agreement with the company, the team allegedly posted details of the upcoming Apple devices before the Spring-Loaded event, following the refusal by Quanta Computer to pay the ransom, as per a blog post. 

Some of the schematic seemingly aligned with the current iMac as well as some new version details were shared by hackers. The Ransomware Operator warned Apple, to repurchase the existing data until 1st May to avoid further leakage. Each day, before Apple buckles up, hackers attempt to threaten to post new files to their site. The organization also said that it is dealing with many big suppliers on the sale of large amounts of classified drawings and gigabytes of personal information. 

“Quanta Computer's information security team has worked with external IT experts in response to cyberattacks on a small number of Quanta servers,” a Quanta Computer spokesperson stated. “We've reported to and kept seamless communications with the relevant law enforcement and data protection authorities concerning recent abnormal activities observed. There's no material impact on the Company's business operation.” 

The representative further stated that the information security defense system was triggered instantly while performing a comprehensive inquiry. The organization has also said its cybersecurity level was revamped and its current infrastructure is improved. 

Quanta also said that they were working on the issue with law enforcement authorities and data protection authorities

Electronics Giant Acer Hit by $50 MIllion Ransomware Attack

 

The ransomware gang known as ‘REvil’ stole confidential files from computer giant Acer and demanded an unprecedented ransom of US$50 million. The group also posted online images of allegedly stolen spreadsheets, bank balances, and bank texts, in order to prove their claims of having hacked into the Taiwan company’s network.

According to security researchers, hackers may have exploited a Microsoft Exchange vulnerability to gain entry into the company’s network. The $50 million demand of Acer is the largest-ever ransom demand to become publicly known, Callow said, larger than the $42 million REvil wanted from celebrity law firm Grubman Shire Mieselas & Sacks, who counted Nicki Minaj, Mariah Carey, and Lebron James among its clients. 

When asked about the situation, Acer wouldn’t admit that it was a ransomware attack, only telling Bleeping Computer in a statement that it has “reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.” In the request for  further details, Acer replied, “there is an ongoing investigation and for the sake of security, we are unable to comment on details.” 

According to the Record’s report, Acer’s name appeared on the REvil ransomware group’s list of companies that do not pay extortion fees. With the help of malware intelligence analyst Marcelo Rivero, The Record managed to track down the gang’s other dark web portal, which clearly displayed the $50 million ransom the gang demands from Acer and the online chat the gang was using to communicate to the company’s representatives.

Before the attack, Advanced Intel’s Andariel cyberintelligence platform detected that the REvil gang recently targeted a Microsoft Exchange server on Acer’s domain and used the ProxyLogon vulnerability to install their ransomware.