What is the Shamoon virus that has returned to hack Saudi networks?

Shamoon is known to disrupt computers by overwriting the master book record

Published: Updated:
Enable Read mode
100% Font Size

Saudi Arabia is on high alert after a variant of a virus named Shamoon, that previously breached the kingdom’s cyber security in 2012, has returned.

Shamoon is known to disrupt computers by overwriting the master book record, making it impossible for them to start up, according to Reuters.


Saudi Arabia Computer Emergency Response Team (CERT)’s Abdulrahman al-Friah confirmed to Al Arabiya that at least 22 institutions were affected by the Shamoon virus at the time of publication.

“We cannot definitely determine the financial costs of such breaches yet as it depends on each institutions platform. Websites which sell and buy will obviously be affected the most,” Fiah said.

In 2012, the virus crippled tens of thousands of computers at Saudi Aramco, the kingdom’s oil giant, by wiping their disks.

Images of a burning American flag were used to overwrite the drives. RasGas Co. was also affected.

The hackers were believed to be working on the Iranian government.

Several Saudi organizations have been affected by the new wave of attacks, including the labor ministry, which said that the hack did not disrupt its data.

In the recent attacks, an image of the body of 3-year-old drowned Syrian refugee Aylan Kurdi was used in recent attacks, according to US security researchers.

Top Content Trending