How Saudi Aramco recovered from a cyber attack

Reports say Aramco reverted to working with typewriters and fax machines while contending a 2012 cyber attack which threatened its data and intelligence

Saudi Aramco's cyber systems were attacked three years ago. [Representational Image]
Saudi Aramco's cyber systems were attacked three years ago. [Representational Image]

Saudi Aramco, Kingdom of Saudi Arabia's national oil company, and the world's largest exporter of crude oil, struggled to maintain its records and infrastructure three years ago, when a cyber attack was launched on its systems, it has been reported.

"No emails, no phones, nothing", was used by the company during the period, said Chris Kubecka, the consultant who was brought in to set up a security operation after the cyber attack.

Cyber security website,, reported on Saturday, 8 August, 2015, that  "malware partially wiped or totally destroyed the hard drives of 35,000 Aramco computers" three years ago. 

Saudi Aramco employees reportedly noticed "something was wrong" on 15 August, 2012, after files disappeared and computers started to fail, the report continued. 

"Every office was physically unplugged from the Internet, taking the company offline and isolating it from the rest of the world," the report added. 

"The IT shutdown meant all the payment systems were affected. There were miles of gasoline tank trucks that needed refills, but could not get paid," the report cited Kubecka. 

"With this attack, 10% of the world's supply was at risk," she reportedly added. 

The company worked off the internet after the attack, during its recovery period.

Oil production, including drilling and pumping, remained unaffected since they were automated, the report continued. 

However, all other business operations were carried out through "old-school" methods: "Everything was on paper, whether it was managing supplies, tracking shipment, or handling contracts with partners and governments.

"Employees used typewriters and fax machines. The IT staff had to figure out where to go to buy the fax machines, she said", the report continued.

Aramco's recovery efforts included the assembly of a highly qualified team of international and domestic cyber security experts, Kubecka reportedly said. 

The company was back online five months after the attack, the report continued. 

Most popular


Deadline approaches for CW Oman Awards 2020 in Muscat
You have until 20 January to submit your nominations for the ninth edition of the


CW In Focus | Inside the Leaders in KSA Awards 2019 in Riyadh
Meet the winners in all 10 categories and learn more about Vision 2030 in this
CW In Focus | Leaders in Construction Summit UAE 2019
A roundup of Construction Week's annual summit that was held in Dubai this September

Latest Issue

Construction Week - Issue 765
Jun 29, 2020