Saudi Aramco investigating origins of ‘Shamoon’ virus following attack


Saudi Aramco confirmed this week that investigations were still underway to find out the origins of a virus named “Shamoon” which attacked the company's networks last month.

The oil giant said its electronic network is now functioning normally after the virus compromised tens of thousands of the company's workstations last month but never endangered Aramco's oil production capabilities.

The attack hit Aramco, one of the larger oil producers in the world, on Aug. 15 and the company soon took its main websites offline as it investigated the extent and nature of the compromise.

The company’s investigations have so far found “speculations,” not hard facts, concerning the virus, and said it would not comment on any rumors circulated about the origins of the virus.

Aramco said it was able to clean the networks affected by the “Shamoon” virus, which amounted to 30,000 computers damaged by malware infestation. About 85 percent of the company’s devices had their hardware destroyed.

In a statement that was broadcast Monday evening, Aramco confirmed that the virus, which only affected personal workstations in the company, had no significant impact on the company’s administrative operations or the productivity of its employees.

The company said the systems recovered from the virus after the quick restoration of the affected workstations, in time for employees returning to work from Eid al-Fitr holiday.

“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiraling,” said Khalid Al-Falih, president and CEO of Saudi Arabia, in a statement published last week on the company's Facebook page.

In the statement, al-Falih reiterated that its primary enterprise systems of hydrocarbon exploration and production were unaffected.
Immediately after the attack, the company announced it had isolated its electronic systems from the outside world to prevent further attacks.

Information technology experts have warned that cyber attacks on countries’ energy infrastructure, whether conducted by hostile governments, militant groups or private “hacktivists” making political points, could disrupt energy supplies.