According to a BBC report on 22 July, hackers are using files leaked from Saudi Aramco to try to extort $50m (£36.5m) from the company.
It is worth noting that the global oil and gas industry has long been criticised for failing to invest in cyber security. In May this year, the US company Colonial Pipeline was hit by a ransomware cyber-attack.
In an emailed statement, Saudi Aramco said that a third-party contractor may have indirectly leaked company data, though the amount of data involved was limited.
The Saudi energy giant did not say which contractor was affected, nor whether that contractor had been hacked or whether the files might have been leaked in some other way.
The company said: "We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture."
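According to the Associated Press (AP), one terabyte (that is, 1,000 gigabytes) of Saudi Aramco's data was being held by the extortionists, citing a page on the darknet, a part of the internet within an encrypted network that can be accessed only through specialised anonymity-providing tools.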
The AP reported that the page offered to delete the data in exchange for $50m in cryptocurrency, although it remains unclear who is behind the extortion plot.
The BBC asked Saudi Aramco to clarify the AP report that the company had become the target of a $50m extortion attempt; Saudi Aramco did not immediately respond.
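Experts say the oil and gas industry, which includes companies that own wells, pipelines and refineries, has failed for years to invest in cyber security. This is not the first time Saudi Aramco has been the target of a data-related attack. In 2012, the company's computer network was hit by the so-called Shamoon virus.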
A cyber-attack this year on the US company Colonial Pipeline further highlighted the vulnerability of the energy industry's computer systems.
Wang Jiajing (王佳晶), excerpted and translated from the BBC
The original text follows:
Hackers reportedly demand $50m from Saudi Aramco over data leak
The files are now reportedly being used in an attempt to extort $50m (£36.5m) from the company.
The global oil and gas industry has long been criticised for failing to invest in cyber security.
In May, the Colonial Pipeline in the US was hit by a ransomware cyber-attack.
In an emailed statement, Aramco told the BBC that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."
The Saudi Arabian energy giant did not say which contractor was affected nor whether the contractor had been hacked or if the files were leaked in some other way.
"We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," the firm said.
According to the Associated Press (AP), one terabyte, or 1,000 gigabytes, of Aramco's data was being held by extortionists, citing a page on the darknet - a part of the internet within an encrypted network which is accessible only through specialised anonymity-providing tools.
The AP report said the page offered to delete the data in exchange for $50m in cryptocurrency, although it is unclear who is behind the ransom plot.
Aramco did not immediately respond to a BBC request for clarification over the AP report that the company was the target of a $50m extortion attempt.
The oil and gas industry, which includes companies that own wells, pipelines and refineries, has failed to invest in cyber-security over the years, according to experts.
This is not the first time Aramco has been the target of a data-related attack. In 2012, the company's computer network was hit by the so-called Shamoon virus.
A cyber-attack this year on the Colonial Pipeline in the US further highlighted the vulnerabilities of the energy industry's computer systems.