snatch attacks Oil India Limited
Incident Date:
October 5, 2022
Overview
Title
snatch attacks Oil India Limited
Victim
Oil India Limited
Attacker
Snatch
Location
First Reported
October 5, 2022
Oil India Limited Faces Ransomware Attack
Oil India Limited (OIL), a state-run oil company in India, was recently targeted by a ransomware group identified as Snatch. The cyberattack, which took place on April 10, 2022, compromised the company's network, server, and client PCs, leading to a significant network outage. The attackers demanded a ransom of 750,000 USD (approximately Rs 57 crore) in Bitcoin.
The cyberattack, centered on OIL's headquarters in Duliajan, Assam, has been described by OIL spokesperson Tridiv Hazarika as the "biggest cyberattack in recent years." Despite the attack, the company's core operations, including drilling and production, remained unaffected. However, the disruption of business transactions resulted in considerable financial losses.
The perpetrators executed the attack using Russian malware, which was deployed from a server located in Nigeria. OIL has taken legal action by lodging an FIR with the Duliajan Police Station, invoking various sections of the Information Technology Act and Section 385 of the Indian Penal Code, which pertains to extortion.
OIL plays a crucial role in the Energy, Utilities & Waste sector, focusing on the exploration, development, and production of crude oil and natural gas. The company emphasizes operating in an efficient, safe, and environmentally responsible manner, as stated on its website.
This incident underscores the heightened vulnerabilities faced by entities in the energy sector to cyber threats. With an increasing reliance on digital technologies, the sector is more exposed to cyberattacks that can disrupt operations and inflict significant financial damages.
In the aftermath of the attack, OIL has initiated measures to recover its systems and enhance its cybersecurity posture. The company is collaborating with external cybersecurity experts and has reported the incident to law enforcement authorities.
The attack on OIL serves as a critical reminder for companies, particularly those within the energy sector, to prioritize cybersecurity. Implementing comprehensive and robust cybersecurity measures is essential to safeguard against ransomware attacks and other cyber threats.
Sources
- Oil India Limited | Govt. of India Enterprise | Oil Company in India
- 'Biggest cyberattack in recent years' hits Oil India HQ, hackers demand Rs 60 crore in Bitcoin
- Covid vaccine study to Oil India: Targets under cyber attack
- Russian Malware Used For Oil India Cyber Attack: Report
- Assam: Cyberattack in Oil India's headquarters, attackers demand over Rs 57 crore as ransom
- Oil India cyber attack: Russian malware planted from Nigeria
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.