Ransomware Attack on Odfjell Drilling by Meow Ransomware Group Disrupts Operations
Incident Date:
July 16, 2024
Overview
Title
Ransomware Attack on Odfjell Drilling by Meow Ransomware Group Disrupts Operations
Victim
Odfjell Drilling AS
Attacker
Meow
Location
First Reported
July 16, 2024
Ransomware Attack on Odfjell Drilling by Meow Ransomware Group
Overview of Odfjell Drilling
Odfjell Drilling AS, headquartered in Bergen, Norway, is a prominent offshore drilling contractor with a global presence. Founded in 1973, the company operates a fleet of advanced drilling rigs, including semi-submersibles and jack-up rigs. Odfjell Drilling provides a range of services, including offshore drilling, well services, engineering, project management, and decommissioning. The company employs approximately 1,200 personnel and reported a revenue of around $400 million for the fiscal year 2022. Known for its commitment to safety, environmental sustainability, and technological innovation, Odfjell Drilling has secured long-term contracts with major oil companies, enhancing its market presence.
Details of the Ransomware Attack
On July 16, 2024, Odfjell Drilling fell victim to a ransomware attack orchestrated by the Meow Ransomware group. The attack targeted the company's digital infrastructure, potentially compromising sensitive data and disrupting operations. The ransomware group claimed responsibility for the attack via their dark web leak site, where they often list victims who have not paid the ransom. The attack has posed significant challenges for Odfjell Drilling, which is now focused on mitigating the impact and restoring its systems to full functionality.
About Meow Ransomware Group
Meow Ransomware emerged in late 2022 and resurfaced in 2024 with increased activity. The group is associated with the Conti v2 ransomware variant and primarily targets industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group leaves behind a ransom note named "readme.txt," instructing victims to contact them via email or Telegram to negotiate the ransom payment.
Potential Vulnerabilities and Penetration Methods
Odfjell Drilling's extensive digital infrastructure and global operations make it a lucrative target for ransomware groups like Meow. The company's reliance on advanced technology and digital systems for its drilling and engineering services could have exposed vulnerabilities that the ransomware group exploited. Potential penetration methods include phishing emails targeting employees, exploiting RDP vulnerabilities, and using malvertising to deliver the ransomware payload. The attack underscores the importance of robust cybersecurity measures to protect against sophisticated threat actors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.