Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security IT

Aramco Says Networks Back Online, No Results From Investigation Yet 21

Trailrunner7 writes "Saudi Aramco says that the virus attack that compromised tens of thousands of the company's workstations last month never endangered the company's oil production capabilities and that all of the affected systems have been brought back online and restored. The attack on Aramco has been linked by researchers to the Shamoon malware, but company officials did not comment on the nature or provenance of the malware. The attack hit Aramco, one of the larger oil producers in the world, on August 15 and the company soon took its main Web sites offline as it investigated the extent and nature of the compromise. A group of attackers calling itself the Cutting Sword of Justice took credit for the attack through a post on Pastebin, saying that the operation had destroyed data on 30,000 machines, including both workstations and servers. The company originally did not comment on the extent of the damage to its network, simply saying that it had suffered an attack and was in the process of cleaning it up. On Monday, company officials said that security staffers had restored all of the infected machines and that its operations were back to normal."
This discussion has been archived. No new comments can be posted.

Aramco Says Networks Back Online, No Results From Investigation Yet

Comments Filter:
    • "Saudi Aramco says damage was limited to office computers and did not ... They say the computer virus gave them access to documents from Aramco's ... Saudi Aramco has said that only office PCs running Microsoft Windows ..."
      • "Saudi Aramco says damage was limited to office computers .. running Microsoft Windows" ...

        'However, one of Saudi Aramco's Web sites taken offline after the attack - www.aramco.com . remained down on Sunday. E-mails sent by Reuters to people within the company continued to bounce back` link [nytimes.com]
      • They say the computer virus gave them access to documents from Aramco's

        Hey, maybe they can blackmail Aramco out of Bitcoins now!

    • by Aryeh Goretsky ( 129230 ) on Monday September 10, 2012 @04:25PM (#41293275) Homepage

      Hello,

      I realize the default permission on Slashdot is set to "anti-Microsoft," but before that gets out-of-line, consider this attack was purportedly done by an insider (or possibly even insiders).

      At that point, it doesn't really matter what the operating systems(s) the business runs. If it was an inside job, the attacker would have been damaging things regardless of the operating system(s) used. How environments are secured and managed is a lot more important these days than what operating systems they run.

      Regards,

      Aryeh Goretsky

      • by Anonymous Coward

        No inside attacker can do any more harm than an outsider in a well-protected setup these days.

        Regards,

        Thomas J

      • "I work in the research department of a computer security company"

        If you want to be taken seriously in computer security, don't ever go on slashdot to defend MICROS~1 ...
        • by ra1n85 ( 2708917 )
          Yes, how dare he!? Everyone knows that Aramco should have been using the Arabic port of Debian.
      • When you're using Windows desktops, all your "inside" is "outside". Google at least learned after their big oops and corrected this situation. I bet Aramco didn't, and will have the issue again in nine months or so.
        • Hello,

          Malware for Android, Google's version of Linux for smartphones and tablets, seems to be on the upswing, though.

          Regards,

          Aryeh Goretsky

          • Android is open source, and lets people do what they will with it. Some people will do dumb things. Almost all of the Android malware issue seems to be with people who don't have Google Play, and in places not relevant to most of us, or people who sideload apps from random websites, and such. You know, I'm fine with people deciding to take that risk and enjoying the benefit or suffering the consequences. That's what freedom is about.
    • I doubt that they were using anything other than Windows, Windows Server & so on. I'm willing to bet - they may be the among the first converts to Windows Server 2012 and Windows 8.
  • I have clients that need to send email to aramco.com, and none of their SMTP servers are accepting a connection. Maybe they overreacted, and blacklisted the entire planet....
  • Any good attack would have destroyed the backups before wiping the servers and workstations.

    Of course, offline tapes with backups cannot be destroyed from the outside, unless we're talking a truly long term project with an inside man slowly corrupting the offline backups, or a full intrusion armed with bulk erasers...

  • .. if you only look at companies that are listed on the stock market.
    It's remarkable how Aramco manages to keep a low profile. It's not possible to put 'today's value' on it but estimates are always over a trillion dollars and reach up to 7 trillion.

    To be fair, it may be just the name that has a low profile. 'saudi oil' is the same thing and it doesn't exactly have a low profile.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...