August 31, 2012

Energy Company RasGas Is Infected With Shamoon Virus

Michael Harper for — Your Universe Online

At the beginning of this week, the world´s largest oil company had announced all of their systems were back online following a cyber attack which occurred several days prior.

Now, a second energy company has found a virus in their computer network, further raising concern about cyber security, especially in the energy sector.

According to Reuters, RasGas, the world´s second largest liquified natural gas exporter, has been attacked with an unknown virus and their websites have been down, as well.

“The company´s office computers have been affected by an unknown virus “¦ It was first identified on Monday,” said the LNG producer in a statement. RasGas is only one of two Qatari LNG producers.

“Operational systems both onsite and offshore are secure and this does not affect production at the Ras Laffan Industrial City plant or scheduled cargoes.”

Some sources are now beginning to say the same type of virus used against Aramco could have been used against neighboring RasGas as well. So far, RasGas´ email servers and website has been affected by this attack. When emails are sent to RasGas, they are immediately sent back, and attempting to open the RasGas page at, a failed to open page error is reached. When asked, a spokesperson for RasGas was unable to say if these email and website errors were a result of proactive steps taken by the company to protect themselves or a result of the attacks themselves. RasGas´ parent company, Qatar Petroleum, has said they have not been affected by the virus.

According to the BBC, both the attacks against Aramco and RasGas come shortly after security firms had issued alerts about a virus called "Shamoon" or "Disstrack” which was designed specifically to target energy companies.

Shamoon/Disstrack works different from other viruses in that it opts to permanently delete important data, rather than steal it. This virus then travels from computer to computer inside the network by exploiting any shared hard drives.

Shamoon/Disstrack is one example of a new style of virus that is used to specifically target companies, industries and nations.

According to James Herron, the EMEA nervy News Editor at Dow Jones Newswire and the Wall Street Journal, the same virus was used in both attacks against these energy companies.

Taking to Twitter, Herron said, "Sources tell us the virus that shut down RasGas computers is also Shamoon, the virus widely believed to have hit Aramco earlier this month."

A group which calls themselves the Cutting Sword of Justice took responsibility for the Aramco attack, saying they sent out the virus to destroy more than 30,000 Aramco computers in protest of their support of government oppression in neighboring countries.

“This is a warning to the tyrants of this country and other countries that support such criminal disasters with injustice and oppression,” said the Cutting Swords in a statement.

“We invite all anti-tyranny hacker groups all over the world to join this movement. We want them to support this movement by designing and performing such operations, if they are against tyranny and oppression.”

Later, the group also confirmed they had used Shamoon in the attack.