A source at RasGas tells us that its computer systems have yet to fully recover from the virus attack that hit the company more than a week ago on Aug. 27.
Though the company has declined to provide an official update, we are told that it “may take weeks” for systems to be fully functioning again.
A company spokesperson told Doha News at the time of the attack that administrative services like email were affected, but that LNG production in Ras Laffan and cargo deliveries are continuing as usual.
According to internet security firm Symantec, the attack is part of an increase in cybercrime in the region:
“One contributing factor is that attack toolkits are now more readily available on the black market,” a spokeswoman told Doha News.
“These toolkits are cheap and make it easier for even less advanced cybercriminals to put together attacks that can cause serious issues for their targets. Another reason that there could be a rise looking forward is due to the popularity and the interest that these attacks receive.”
As to when an attack like the one RasGas faces could be overcome:
“It depends on the number of machines that have been compromised and the damage to the system, but it could take weeks to recover from a large scale targeted attack that is affecting a large number of machines,” the spokeswoman said.
It took nearly two weeks for Saudi Aramco to recover from a similar attack that incapacitated its internal computer networks on Aug. 15, which infected some 30,000 workstations.
That attack was claimed by a group calling itself the “Cutting Sword of Justice,” which said it was targeting the Al-Saud ruling family of Saudi Arabia for “atrocities taking place in… Syria, Bahrain, Yemen, Lebanon [and] Egypt.”
An article by Dow Jones newswire – published in the Wall Street Journal – claims that the virus which is believed to have been used to attack Aramco, Shamoon, was also used in the attack on RasGas.
It’s not clear, however, if the two attacks on Aramco and RasGas were carried out by the same group. And some analysts told AP that Iran might be behind the attacks.
Security firm Symantec, quoted by the BBC, describes the effect of the Shamoon virus:
“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. Once infected, the machines’ data is wiped. A list of the wiped files is then sent back to the initially infected computer, and in turn passed on to the attacker’s command-and-control centre.”
Meanwhile, we wonder what life is like for RasGas staff without email.
Credit: Photo of Ras Laffan Industrial City courtesy of Shell