Oil and gas regulator company PetroChina Indonesia allegedly became the latest victim of a ransomware attack, adding one more company to the list of critical infrastructure organizations being targeted by hackers.
The profile of the oil and gas company was shared in a dark web post published on the Medusa Blog. The hacker collective also demanded a ransom for deleting the data or increasing the deadline, and threatened to sell the data. Cybersecurity researcher Dominic Alvieri confirmed the incident to The Cyber Express.
Details about the PetroChina ransomware attack
According to the Medusa Blog, the deadline to respond to the ransomware threat is 7 days and a few hours. $10,000 was demanded to increase the deadline by a day, $400,000 to delete all the data, and $400,000 to download the data.
The Cyber Express did not receive a response from the company regarding the PetroChina ransomware attack at the time of writing.
Cyberattacks on oil and gas companies
This is the second cyberattack in quick succession on an oil and gas company, after LockBit allegedly breached Grupo Albanesi only hours behind PetroChina. The official website was accessible at the time of writing.
An attack on Grupo Albanesi has a direct impact on the 9 plants for which it generates power in Argentina.
In 2021, Georgia-based Colonial Pipeline, which provides nearly 45% of diesel, jet fuel, and petrol from the East Coast, suffered a ransomware attack. A state of emergency was declared by President Joe Biden due to its impact on the economy of the nation, and the culprits were nabbed in the nick of time.
TrickBot ransomware gang members were arrested by the UK and US in a campaign led by the National Crime Agency (NCA), officials from the Treasury, and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC).
This campaign witnessed the arrest of 7 TrickBot members along with Ryuk, Wizard Spider or Darkside, and Conti ransomware gang members.
Technology used in critical infrastructure
An average large-scale oil and gas company employs nearly half a million processors to simulate oil and gas reservoirs, according to Deloitte research.
The tech infrastructure is used for functions like operating and sharing drilling and production control systems across geographical areas, and generating, transmitting, and storing petabytes of field data, among others.
CISA issued a notice to CEOs and corporate leaders urging them to participate in tests of response plans; to work with CISOs and engineers on continuity tests that recognize finite resources, investments, etc.; to strictly follow multi-factor authentication; to update software, because legacy vulnerabilities in critical infrastructure systems are among the causes impacting its security; and to think before clicking any link or page they find.
The bill on funding cybersecurity research
The U.S. House of Representatives has already passed a bill that allocated better funding for cybersecurity research focusing on its critical infrastructure.
The Energy Cybersecurity University Leadership Act was created because of the Colonial Pipeline cyberattack and others. The act noted the need to fund researchers working to improve cybersecurity around energy infrastructure.