Cyberattack hits Oil India field headquarters, probe on
The scale of the systems affected was not immediately clear but a representative, who confirmed the incident, said systems connected to production and drilling were not affected
Computers at Oil India Limited’s (OIL) field headquarters in Assam’s Duliajan were locked out after a ransomware attack, according to a copy of the police case lodged by the state-run refiner, which also said the group behind the cyberattack sought $7.5 million (over ₹57 crore) in Bitcoin to restore access.
Duliajan is the headquarters for OIL, the country’s second-largest oil and gas company that is run by the government. The scale of the systems affected was not immediately clear but a representative, who confirmed the incident, said systems connected to production and drilling were not affected.
“There has been a cyberattack in which some of our systems and few servers in Duliajan office were affected. As a precautionary measure, we are putting some of our systems down and got into restoration exercise,” said OIL public relations officer Tridiv Hazarika.
Cybersecurity experts have been brought in to help restore the network, the official added.
The problem was noticed on Sunday afternoon, when employees who were working saw some computers begin experiencing outages. The IT support team identified the problem as a malware attack and took the affected computers off the local area network.
“We have employed an international cyber security expert to devise a way to reboot and restore our systems. We are doing it in a phased manner and should be over in next 4-5 days,” Hazarika added.
Ransomware is malware that encrypts all data on a computer with a key that only the attackers behind it have access to. Such attacks are typically aimed at extorting money, but when critical infrastructure and industry such as refineries are targeted, there can be broader risks. Groups typically threaten to leak data they have accessed in order to strong-arm their targets into paying up.
Hazarika said a case has been lodged with the local police in Duliajan to look into the attack.
The first information report (FIR) of the case, which HT has seen, mentioned that the malware hit one of the workstations of the geology and reservoir (G&R) department.
“After their (IT department’s) preliminary investigation, it came to notice that OIL’s network, server and clients PCs are facing network outage. Further it also came to notice that the cyber attacker has demanded 7,500,000 USD as ransom through a note from the infected PC,” the FIR read.
“OIL is a public sector undertaking company and due to this cyber-attack of ransomware, OIL and government exchequer has incurred huge financial loss as business through IT has been seriously affected,” the FIR added.
Dibrugarh district superintendent of police Shwetank Mishra said that while OIL has already engaged technical consultants to find the origin of the malware, a CID team would reach Duliajan to start an investigation of its own.
“Thankfully there has been no impact on our production and drilling activities. These activities, which are not heavily reliant on IT resources, are functioning normally,” said Hazarika.
“The software which handles the key business functions of OIL in Duliajan like payments to vendors and contractors also hasn’t been affected and is functioning as usual,” he added, while assuring stakeholders and shareholders that all of OIL’s data is secure.