The incident took place nearly four years back. On August 15, 2012, Saudi Aramco experienced an enormous cyber attack. Saudi Aramco, Saudi Arabia’s national oil company, is the world's largest exporter of the crude oil.
Nearly 30,000 of its computer systems using the Windows operating system got infected by the virus. The virus that attacked the Saudi Aramco’s computer network was a self-replicating Trojan virus named as ‘Shamoon.’ It caused a significant disruption of the world's largest oil producer firm.
The primary function of the Shamoon virus was to delete the data from the company’s database. This malware caused the deletion of the data from 30,000 computers’ hard drives. This attack adversely affected the business process of the company. A huge amount of the company’s official data was lost in this cyber attack. This virus also spread into the network of other oil and gas firms.
According to the employees of the biggest oil manufacturer industry, on 15 August 2012, the company’s computer system started malfunctioning. The files from the computer’s database disappeared and computer system started to fail. After the detection of this huge attack on the company’s network, the firm unplugged all the internet connections linking the entire organisation. The whole internet communication system was shut down, taking the company offline.
It took a lot of time to recover the company’s network and secure it again. In the meantime, the world’s biggest company shifted into 1970’s work technology, using typewriters and fax machines for communication. All work was carried out in the company using ‘old school’ methods. Most work was done on paper, whether it was tracking shipments or making contracts. The company took five months to fix its network system and come back online.
How Shamoon Was Spread?
A company employee opened up a spam email and clicked on a bad link. This transferred a virus into the Saudi Aramco network system. Since it was a self-replicating virus, it spread into whole of the company’s computer network and affected around 30,000 computer systems.
A hacker group called ‘Cutting Sword of Justice’ claimed responsibility for this virus attack. They threatened the company officials saying—“This is a warning to the tyrants of this country and other countries that support such criminal disasters with injustice and oppression.”
After the attack, the company’s business was in turmoil. Without internet in the offices, the company was not able to send formal emails, maintain supplies, or contact government and business agencies.
A huge army of security officials was hired by the company to create a new security wall for its network and to backup its internet services. They replaced and bought around 50,000 new hard drives from the market.
After about five months, the company was brought back online with its new network system and better cyber security team. Still, this attack caused a huge loss to the company.
Source: Information Provided By Sniper Corporation