{"id":118,"date":"2024-08-30T11:22:46","date_gmt":"2024-08-30T11:22:46","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=118"},"modified":"2024-08-30T11:22:46","modified_gmt":"2024-08-30T11:22:46","slug":"ransomware-feared-in-the-cyberattack-on-us-oil-services-giant","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=118","title":{"rendered":"Ransomware feared in the cyberattack on US oil services giant"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The August 21 cyberattack on the US oilfield services contractor Halliburton is now feared to be a <a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">ransomware<\/a> attack, according to an email reportedly sent to the company\u2019s suppliers.<\/p>\n<p>BleepingComputer obtained a copy of the email and reported that it had been able to confirm one of the indicators of compromise (IOCs) shared within the email \u201cto be a RansomHub ransomware encryptor.\u201d<\/p>\n<p>Halliburton is one of the biggest oil service companies globally, responsible for most of the world\u2019s largest fracking operations.<\/p>\n<h2 class=\"wp-block-heading\">RansomHub encryptor found<\/h2>\n<p>The analysis of the IOCs shared in the email, which included filenames and IP addresses, reportedly revealed a Windows executable named maintenance.exe, the file confirmed to be a RansomHub encryptor.<\/p>\n<p>The connection, however, had already been made in several social media <a href=\"https:\/\/x.com\/AlvieriD\/status\/1827034135527092695\" target=\"_blank\" rel=\"noopener\">rumors<\/a>, but no evidence had yet been presented. 
Emails sent by CSO to Halliburton seeking comment had not elicited a response at the time of publication.<\/p>\n<p>\u201cWe are reaching out to update you about a cybersecurity issue affecting Halliburton,\u201d said the email to suppliers. \u201cAs soon as we learned of the issue, we activated our cybersecurity response plan and took steps to address it, including (1) proactively taking certain systems offline to help protect them, (2) engaging the support of leading external advisors, including Mandiant, and (3) notifying law enforcement.\u201d<\/p>\n<p>Incidentally, the FBI and CISA have released a <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-242a\" target=\"_blank\" rel=\"noopener\">joint advisory<\/a> on the RansomHub ransomware variant, calling it a formidable service model attracting high-profile affiliates from other prominent variants such as <a href=\"https:\/\/www.csoonline.com\/article\/2121646\/lockbit-no-longer-the-worlds-no-1-ransomware-gang.html\">LockBit<\/a> and ALPHV.<\/p>\n<p>\u201cSince its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors,\u201d CISA added in the advisory.<\/p>\n<h2 class=\"wp-block-heading\">Halliburton sent into shutdown<\/h2>\n<p>The cyberattack had pushed Halliburton to shut down a few of its systems while it investigated the incident, according to the company\u2019s SEC <a href=\"https:\/\/www.sec.gov\/ix?doc=\/Archives\/edgar\/data\/45012\/000004501224000049\/hal-20240821.htm\" target=\"_blank\" rel=\"noopener\">filing<\/a>. 
The generation of invoices and purchase orders was temporarily affected, but a workaround has since been made available, according to the email.<\/p>\n<p>\u201cOn August 21, 2024, Halliburton Company became aware that an unauthorized third party gained access to certain of its systems,\u201d the oilfield services giant said in the filing. \u201cThe Company\u2019s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement.\u201d Additionally, the company launched an internal investigation with the \u201csupport of external advisors to assess and remediate the unauthorized activity\u201d, the filing added.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The August 21 cyberattack on the US oilfield services contractor Halliburton is now feared to be a ransomware attack, according to an email reportedly sent to the company\u2019s suppliers. BleepingComputer accessed a copy of an email sent and reported that they had been able to confirm one of the indicators of compromise (IOCs) shared within 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":119,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/118"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=118"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/118\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/119"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}