Aramco Targeted in a $50 Million Cyber-Extorsion Campaign

Edward Kost
Edward Kost
July 22, 2021

Saudi oil giant, Aramco, is currently battling a cyber-extortion campaign involving a $50 million ransom and 1 terabyte of leaked company data.

The data was found published on the darknet - an encrypted sector of the internet supporting clandestine illegal operations.

Aramco says that the data was hosted by one of its third-party contractors and that this incident was not a result of a cyberattack or a data breach. It’s, therefore, speculated that overlooked data leakage was to blame

What’s the difference between a data breach and a data leak?

A data breach is the result of a planned cyber attack targeting sensitive data, a data leak is the accidental exposure of sensitive data.

When cybercriminals discover a data leak, it could arm them for a devastating data breach, or in this case, a momentous cyber-extorsion campaign.

At this point, it’s understood that unidentified cybercriminals discovered one of Aramco’s vendors leaking data, seized it, and then offered Aramco the chance to have it deleted in exchange for a ransom payment of $50 million in cryptocurrency.

It’s not yet known how Aramco plans to respond.

Data leakage is, unfortunately, a prevalent vulnerability. A recent study by UpGuard found that 36% of surveyed companies unknowingly suffered a data leak in the last year, and that data leaks increased by 25% in the ASX 200 since 2019.

Access the study here.

Third-party breaches account for almost 60% of data breaches. By shifting the focus to shutting down events that could develop into breaches - vendor data leaks - the provocative trend of third-party breaches could be severed by more than half.

This novel approach to data breach prevention could, one day, save you $50 million.

How secure is Aramco?

Saudi Aramco, officially the Saudi Arabian Oil Company, is a Saudi Arabian public petroleum and natural gas company based in Dhahran.
  • Check icon
    View our free preliminary report on Aramco’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating