snatch attacks Oil India Limited

Incident Date:

October 5, 2022

World map

Overview

Title

snatch attacks Oil India Limited

Victim

Oil India Limited

Attacker

Snatch

Location

, India

Assam, India

First Reported

October 5, 2022

Oil India Limited Faces Ransomware Attack

Oil India Limited (OIL), a state-run oil company in India, was recently targeted by a ransomware group identified as Snatch. The cyberattack, which took place on April 10, 2022, compromised the company's network, server, and client PCs, leading to a significant network outage. The attackers demanded a ransom of 750,000 USD (approximately Rs 57 crore) in Bitcoin.

The cyberattack, centered on OIL's headquarters in Duliajan, Assam, has been described by OIL spokesperson Tridiv Hazarika as the "biggest cyberattack in recent years." Despite the attack, the company's core operations, including drilling and production, remained unaffected. However, the disruption of business transactions resulted in considerable financial losses.

The perpetrators executed the attack using Russian malware, which was deployed from a server located in Nigeria. OIL has taken legal action by lodging an FIR with the Duliajan Police Station, invoking various sections of the Information Technology Act and Section 385 of the Indian Penal Code, which pertains to extortion.

OIL plays a crucial role in the Energy, Utilities & Waste sector, focusing on the exploration, development, and production of crude oil and natural gas. The company emphasizes operating in an efficient, safe, and environmentally responsible manner, as stated on its website.

This incident underscores the heightened vulnerabilities faced by entities in the energy sector to cyber threats. With an increasing reliance on digital technologies, the sector is more exposed to cyberattacks that can disrupt operations and inflict significant financial damages.

In the aftermath of the attack, OIL has initiated measures to recover its systems and enhance its cybersecurity posture. The company is collaborating with external cybersecurity experts and has reported the incident to law enforcement authorities.

The attack on OIL serves as a critical reminder for companies, particularly those within the energy sector, to prioritize cybersecurity. Implementing comprehensive and robust cybersecurity measures is essential to safeguard against ransomware attacks and other cyber threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.