The LockBit ransomware group has claimed responsibility for a cyber attack targeting Gran Tierra Energy, an energy company specializing in oil and gas production in Colombia and Ecuador.
Gran Tierra Energy cyber attack
The Gran Tierra Energy cyber attack has not been confirmed by the company headquartered in Calgary, Canada.
The Cyber Express reached out to Gran Tierra Energy via email, inquiring about the Gran Tierra Energy cyber attack or any suspicious activity of ransomware related to the reported security incident.
Once we receive a response from the company, we will update this report accordingly. At the time of writing, the company’s website remained accessible.
Oil and Gas industry targeted by cybercriminals
There were nearly 21 recorded global ransomware attacks launched on the oil and gas industry in 2022.
Addressing the increased targeting of this sector, an NJCCIC report stated, “The NJCCIC assesses with high confidence the cyber risk to the oil and gas industry is high and the energy sector at large is a priority target for state-sponsored threat actors, cybercriminals, and hacktivists.”
Cyber attacks on the oil and gas sector have caused financial losses and disrupted services in connected municipalities.
It triggers gasoline and diesel price hike and creates shortages across the impacted regions, the New Jersey Cybersecurity and Communications Integration Cell further added.
The Colonial Pipeline ransomware attack by the Darkside hackers group led to the disruption and halting of operations in the United States. Over 5,500 miles of pipeline which make up to 45% of the East coasts diesel, petrol, and jet fuel were shut down.
The CEO of Colonial Pipeline confirmed that he authorized the ransom payment of $4.4 million.
Mitigation effort to defeat cyber attacks on oil and gas industries
The WannaCry ransomware attack impacted over 100,000 organizations across 150 countries including a Brazilian oil company. The company had to turn off its devices to prevent further damage when it hit the systems in 2017.
Following similar ransomware attacks and their impact on critical infrastructure, the World Economic Forum launched the Cyber Resilience in Oil and Gas initiative to foster international cooperation and increase cyber resilience as a culture.
The cyber resilience initiative outlined urged organizations to use tamper-resistant field devices with better hardware security controls. Installing updates and patching vulnerabilities in oil and gas industry software is a must.
The initiative outlined the need to encrypt all devices along with embedded security and certificate pinning to detect and report duplicated devices.
Authentication and authorization were also stressed to make sure hackers do not gain access to leverage the entry to the network.
Moreover, updating the organization’s incident response plan according to the changing cyber attacks, malware, and tools is necessary to not lag behind and fall prey again. They should also employ next-generation AI-powered Firewalls to detect malicious software in the network and endpoints.
Employee training in maintaining cyber hygiene, and detecting, and reporting cyber threats is unavoidable. This needs to be backed by phishing and email security because of the gravity of cyber attacks arising from malicious emails.
