The attack against Qatar’s RasGas, one of the world’s largest exporters of LNG, was likely to be the same Shamoon malware that downed Saudi Aramco’s office network, and appears to have been deliberate sabotage, according to reports in the Wall Street Journal.
Reiterating a Kaspersky research note dubbing the originators of the Shamoon malware “script-kiddies,” an expert from the internet security firm has observed that while the Saudi Aramco attack was “clearly an act of sabotage,” there are “beginner-level bugs in the code” of the Shamoon virus which suggests it is an attack from ‘hacktivist’ saboteurs rather than a state actor.
Both RasGas and Aramco were suddenly hit by malware that took down workstations and office functions. Both companies say core operations were unaffected as the systems responsible for production and shipping are isolated from the internet and office systems.
At the time of writing, RasGas emails to verified addresses at RasGas continue to bounce back with a permanent delivery failure error message. The RasGas website (www.rasgas.com) has been taken offline and replaced with a holding page.
While headline operations have not been affected, both companies are likely to have lost hundreds of hours of work as a result of workstations being wiped by the Shamoon bug, and the process of cleansing and restoring workstations across these large companies will have taken hundreds hours more of technician time. Niether Aramco nor RasGas will estimate the business impact of their respective virus attacks.
Technology journalist Mark Sutton says the region’s companies must now take cyber security seriously. “The question is,” he ask, “whether organizations in the region will finally hear this wake up call?”