How Saudi Aramco recovered from a cyber attack
Reports say Aramco reverted to working with typewriters and fax machines while contending a 2012 cyber attack which threatened its data and intelligence
Saudi Aramco, Kingdom of Saudi Arabia's national oil company, and the world's largest exporter of crude oil, struggled to maintain its records and infrastructure three years ago, when a cyber attack was launched on its systems, it has been reported.
"No emails, no phones, nothing", was used by the company during the period, said Chris Kubecka, the consultant who was brought in to set up a security operation after the cyber attack.
Cyber security website, darkreading.com, reported on Saturday, 8 August, 2015, that "malware partially wiped or totally destroyed the hard drives of 35,000 Aramco computers" three years ago.
Saudi Aramco employees reportedly noticed "something was wrong" on 15 August, 2012, after files disappeared and computers started to fail, the report continued.
"Every office was physically unplugged from the Internet, taking the company offline and isolating it from the rest of the world," the report added.
"The IT shutdown meant all the payment systems were affected. There were miles of gasoline tank trucks that needed refills, but could not get paid," the report cited Kubecka.
"With this attack, 10% of the world's supply was at risk," she reportedly added.
The company worked off the internet after the attack, during its recovery period.
Oil production, including drilling and pumping, remained unaffected since they were automated, the report continued.
However, all other business operations were carried out through "old-school" methods: "Everything was on paper, whether it was managing supplies, tracking shipment, or handling contracts with partners and governments.
"Employees used typewriters and fax machines. The IT staff had to figure out where to go to buy the fax machines, she said", the darkreading.com report continued.
Aramco's recovery efforts included the assembly of a highly qualified team of international and domestic cyber security experts, Kubecka reportedly said.
The company was back online five months after the attack, the report continued.