WannaCry-sis? Energy industry dodges cyber bullet... for now

Add bookmark

Tim Haïdar

Lady Luck smiles as vulnerable oil and gas industry is spared from world's biggest cyber attack.

Oil jumped by two per cent on the global markets after the Organisation of Petroleum Exporting Countries (Opec) and Russia agreed to extend a regime of production cuts until Q1 2018.

As a barrel of the black stuff hit $52 in Monday trading, the industry may have also heaved a huge collective sigh of relief.

Barely 48 hours before Asia opened for business, the world was reeling from the onslaught of a massive, pan-global cyber attack.

Initial investigations uncovered as many as 45,000 separate “ransomware” attacks across 100 countries. By Monday morning, that stood at 200,000 computers in 150 countries with the number likely to rise as people opened their emails.


Victims of the so-called “WannaCry” ransomware included telecoms giants Megafon (MCX:MFON) and Telefónica (NYSE:TEF), the Russian interior ministry, automaker Renault (EPA:RNO) and 61 institutions in the United Kingdom’s state-run National Health Service.

Ransomware is a type of malicious software that blocks a user’s access to data until a ransom is paid to the attacker. Despite the vast scope of the infection, only $46,000 in ransom has been paid since the attack developed.

Given the fact that sectors from government to healthcare have been affected by WannaCry, the global oil and has industry seems to have dodged a cyber bullet.

At Oil and Gas IQ, we have been monitoring the cyber threat with our partners in industry for the past half-decade.  In the last three years, we have been actively surveying the cyber landscape and reporting on the lamentable state of preparedness in the IT/OT domain.

In our 2016 edition, Digital Trenches - On The Front Lines Of The Cyber War, we uncovered that despite 40 per cent of companies suffering more than three serious security breeches in a twelve month period, only one in four actually had an incident response plan in place to deal with an adverse event.

This is despite high-profile companies like Saudi Aramco suffering from their third bout of the aggressive, data-deleting malware, Shamoon, in the past five years.

Whilst the unplanned shutdown of an auto plant is an imposition to business, and the postponement of medical procedures is possibly life-changing, the shutdown of a national grid or meltdown of a power plant could cripple an entire society.       

It seems as if the energy community has ducked this particular punch, it was not thrown explicitly in its direction. Had it been, the statistics would show that it may be lying on the canvas haemorrhaging dollars.