Ransomware Hits Saudi Aramco, but Nobody is Immune

Ransomware attacks are increasing in number and intensity with every passing week, and the latest victim is Saudi Aramco, the world’s most valuable oil producer, which confirmed that data leaked from company files has been used in a cyber-extortion attempt in which hackers demanded a $50 million ransom.

While Saudi Arabia, the world’s largest exporter of crude oil, has become a target of ransomware in recent years – with Saudi Aramco itself facing one of the worst ever attacks in 2012 – companies across sizes and sectors continue to fall victim to ransomware. New research suggests that globally ransomware attacks have gone up by 102% this year compared to 2020.

According to Keeper Security’s 2021 Ransomware Impact Report, the entry point for about half of ransomware incidents was a phishing email, which is a frightening indication of how a lack of awareness remains an Achilles heel for too many organizations.

The Cost of Ransomware
The survey found that 49% of companies targeted by a ransomware attack paid the ransom, and another 22% did not disclose whether or not they paid, indicating the real number could be much higher.

In the heat of the moment, corporate leadership feels an incredible pressure to prevent further malicious movement within their network as well as to placate customers. Cyber criminals know and depend on exploiting this frenzied state of mind.

Besides, nine out of 10 businesses noticed budgets tightening in other areas following the ransom payment, emphasizing the need for effective security measures to be put in place before an attack as there might not be funding available for it afterwards.

Darren Guccione, CEO and Co-Founder of Keeper Security, believes that the aftermath of a ransomware incident is often when organizations start to prioritize cybersecurity, which isn’t a rewarding strategy.

The true cost of being targeted by a ransomware attack isn’t just financial. In fact, 83% said their organization performed major tech updates following the attack. Two-thirds of the respondents permanently lost login credentials or important documents as a result, further proving that the best time to install significant security updates is before the necessity is demonstrated.

Ransomware Stigma is Real
Ransomware attacks are especially pervasive, the study says, as cyber criminals know many companies will be embarrassed to admit they were targeted and will pay off the ransom as quickly as possible. More alarming is that 64% of employees felt that the ransomware attack had a negative impact on their organization’s reputation.

Guccione said, “Though highly controversial, paying the ransom is extremely common, and many of us can empathize with leadership teams who are doing their best to put out the fire. But the aftereffects of this approach can be detrimental and long lasting.”

The report also stated that 87% of impacted companies enacted stricter security protocols after the attack. As Mark Cravotta, Chief Revenue Officer at Keeper Security, said, “With each new ransomware incident that makes the news, onlooking companies gain a better understanding of just how financially devastating an attack can be, especially once a ransom is paid.”

“Yet, given the overwhelming prevalence of these attacks, it’s shocking to see how many employees are left in the dark until it happens to them. Investing in cybersecurity measures like multi-factor authentication (MFA), password management solutions and awareness training might seem like an unnecessary expenditure to companies with tighter budgets, but the costs pale in comparison to the ramifications of being the victim of a ransomware attack,” Cravotta said.

Most recently, Colonial Pipeline, a major US fuel company, was the victim of such an attack, and in 2020, Check Point Research estimated that ransomware cost businesses worldwide around $20 billion – a figure that is nearly 75% higher than in 2019.

Last year, the Telangana and AP power utilities were hacked, and all the servers went down until the glitch was rectified. Since the computer systems of the Telangana and Andhra Pradesh power utilities were interlinked, the virus attack quickly spread, taking down all the systems.

From time to time, organizations have been hit by WannaCry, Mirai Botnet, Petya and other ransomware attacks. The research firm said that the industry sectors currently experiencing the highest volumes of ransomware attack attempts globally are healthcare, with an average of 109 attack attempts per organization every week, followed by the utilities sector with 59 attacks and BFSI/legal with 34.

With the development of smart cities and smart grid technologies underway, the risk of ransomware attacks will pose a big challenge for all organizations. The best way to deal with ransomware attacks is to stay protected by following healthy security practices, offering rigorous employee training and having a strong cyber security culture. Rest assured, nobody is immune to ransomware in a pandemic-stricken world.

Sohini Bagchi
Sohini Bagchi is Editor at CXOToday, a published author and a storyteller. She can be reached at [email protected]