據7月22日BBC報道，黑客利用沙特阿美泄漏的文件，向該公司勒索5000萬美元(3650萬英鎊)。

　　要知道，長期以來，全球油氣行業一直因未能在網絡安全方面進行投資而受到批評。今年5月，美國Colonial Pipeline公司遭到勒索軟件網絡攻擊。

　　在一份電子郵件聲明中，沙特阿美表示，有可能是第三方承包商間接泄露了公司的數據，不過，這部分數據數量有限。

　　這家沙特能源巨頭沒有說明哪個承包商受到了影響，也沒有說明該承包商是否遭到了黑客攻擊，或者文件存在著其他泄露方式的可能。

　　該公司表示:“我們確認，數據泄露并非由于我們的系統遭到破壞，不會對我們的運營造成影響，公司將繼續保持強大的網絡安全態勢。”

　　據美聯社(AP)報道，沙特阿美的數據中有1萬億字節（即1000千兆字節）被勒索者持有，他們引用了暗網的一個頁面——這是加密網絡中的一部分，只有通過專門的匿名提供工具才能訪問。

　　美聯社報道稱，該頁面提出要刪除這些數據，以換取5000萬美元的加密貨幣，不過目前還不清楚誰是勒索陰謀的幕后黑手。

　　英國廣播公司要求沙特阿美澄清美聯社有關沙特阿美成為5000萬美元勒索目標的報道，沙特阿美沒有立即做出回應。

　　專家稱，石油和天然氣行業，包括擁有油井、管道和煉油廠的公司，多年來一直未能在網絡安全方面進行投資。這并不是沙特阿美第一次成為數據相關攻擊的目標。2012年，該公司的計算機網絡受到了所謂的Shamoon病毒的攻擊。

　　今年美國Colonial Pipeline公司遭遇的一次網絡攻擊，進一步突顯了能源行業計算機系統的脆弱性。

　　王佳晶 摘譯自 BBC

　　原文如下：

　　Hackers reportedly demand $50m from Saudi Aramco over data leak

　　The files are now reportedly being used in an attempt to extort $50m (￡36.5m) from the company.

　　The global oil and gas industry has long been criticised for failing to invest in cyber security.

　　In May, the Colonial Pipeline in the US was hit by a ransomware cyber-attack.

　　In an emailed statement, Aramco told the BBC that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."

　　The Saudi Arabian energy giant did not say which contractor was affected nor whether the contractor had been hacked or if the files were leaked in some other way.

　　"We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," the firm said.

　　According to the Associated Press (AP), one terabyte, or 1,000 gigabytes, of Aramco's data was being held by extortionists, citing a page on the darknet - a part of the internet within an encrypted network which is accessible only through specialised anonymity-providing tools.

　　The AP report said the page offered to delete the data in exchange for $50m in cryptocurrency, although it is unclear who is behind the ransom plot.

　　Aramco did not immediately respond to a BBC request for clarification over the AP report that the company was the target of a $50m extortion attempt.

　　The oil and gas industry, which includes companies that own wells, pipelines and refineries, has failed to invest in cyber-security over the years, according to experts.

　　This is not the first time Aramco has been the target of a data-related attack. In 2012, the company's computer network was hit by the so-called Shamoon virus.

　　A cyber-attack this year on the Colonial Pipeline in the US further highlighted the vulnerabilities of the energy industry's computer systems.

免責聲明：本網轉載自其它媒體的文章，目的在于弘揚石化精神，傳遞更多石化信息，并不代表本網贊同其觀點和對其真實性負責，在此我們謹向原作者和原媒體致以敬意。如果您認為本站文章侵犯了您的版權，請與我們聯系，我們將第一時間刪除。