Dubai: Saudi Arabia’s largest oil producer Saudi Aramco’s main website is still down, but it has resumed operating its internal computer networks after a virus infected about 30,000 of its workstations in mid-August.
“The workstations have since been cleaned and restored to service. As a precaution, remote internet access to online resources was restricted,” Khalid A. Al Falih, president and CEO, Saudi Aramco, said on its website.
Enterprise systems used for hydrocarbon exploration and product are isolated network systems that were not affected. Production plants, which also have isolated systems, were not affected, Saudi Aramco said. The incident remains under investigation.
A group calling itself the ‘Cutting Sword of Justice’ claimed responsibility for the attacks. The group accused the Saudi Arabia government of supporting “crimes and atrocities” in countries such as Syria and Egypt, according to a post on Pastebin.
Saudi Aramco said it expected further intrusions.
“Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems. We will ensure that we further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack,” Al Falih said.
However, Saudi Aramco’s websites which was taken offline after the attack — www.aramco.com — remained down on Monday. Emails sent by Gulf News to the company continued to bounce back.
“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems have helped to mitigate these deplorable cyber threats from spiralling,” Al Falih said.
Al Falih confirmed that exploration, production, exports, sales, distribution operations, financial and human resources systems, and databases are intact as they function on isolated systems.
The Middle East has become the focus of increasingly subtle hacking attacks, apparently backed by state-sponsored groups. The discovery of the Stuxnet worm last year, which affected Iranian nuclear research facilities, was followed by the discovery of the Flame and Gauss worms, which have also targeted systems in the region.
Need for antivirus solution
“Millions of new malwares are coming out on a daily basis and it is not possible to stay protected without a good antivirus solution,” Fraser Howard, principal researcher at SophosLabs, said.
Internet still “remains the primary source of malware” and it also gets circulated using USB drives and external hard disks. Only a good antivirus solution “can protect you against these threats,” Aji Joseph, general manager at ESET Middle East, said.