There are reports out Thursday that another major oil producer, Qatari firm RasGas, has been knocked offline by a virus attack, according to a published report.
RasGas’s corporate web site was unreachable Thursday and e-mail sent to RasGas e-mail addresses bounced. The report comes by way of the web site arabianoilandgas.com, which quoted an unnamed RasGas spokesperson saying that “an unknown virus has affected” the company’s office systems since Monday, August 27. The news comes just days after the Saudi oil producer Saudi Aramco acknowledged that a widespread virus outbreak infected 30,000 systems on its internal network.
RasGas Company Ltd. (http://www.rasgas.com/) is based in Qatar and is the second largest producer of liquefied natural gas (LNG) in the world.
The report said that RasGas has notified its suppliers by fax that the company is “experiencing technical issues with its office computer systems,” ArabianOilandGas.com reported. However, a company spokesperson said that the company’s LNG production and distribution operations were unaffected.
RasGas is reportedly working with ICTQatar, that country’s Supreme Council of Information and Communication Technology. Calls and e-mails to ICTQatar were not immediately returned.
If the reports are accurate, RasGas would be just the latest major energy producing company to be targeted by a malware attack. On Sunday, Saudi Aramco, that country’s national oil company, said that it had restored service to more than 30,000 computers on its internal network that had been infected with a virus on August 15. That attack, which was attributed to a previously unknown hacking group called the Cutting Sword of Justice. It was in retaliation for what the group said was the Al-Saud regime’s support of “crimes and atrocities” in Syria, Bahrain, Yemen and other countries.
The malware used in that attack, Shamoon, was designed to partially destroy data on the hard drives of systems it infected. It is unclear whether the same malware was at use in the RasGas attack.
Stay tuned for more details on this attack from SecurityLedger…