SiegedSec hacker group has claimed US business Murphy Oil Corporation as a victim. The oil and natural gas exploration and production company has a focused portfolio of onshore and offshore assets. The hacking gang posted the notification on 17 March.
Murphy Oil Corporation is investigating a cyber incident that occurred Sunday, April 16, which has not impacted operations or the integrity of its cyber security controls,” a Murphy Oil Corporation replied to our request for comments.
The ransom note comes days after Murphy Oil declared a quarterly cash dividend on the common stock of the company.
SiegedSec was in the cybersecurity news recently for hacking software company Atlassian. The hackler group disclosed details including the about PII of 13,000 employees and even the company’s floorplans and information.
Though Atlassian conceded that the attack happened, it has claimed that the number of employees claimed by the hacker group was far-fetched.
SiegedSec hacker group and Murphy Oil
“Murphy Oil Corporation, a $6billion company based in the U.S, has been eaten by SiegedSec!” claimed the hacker site post. Terming this as “a small leak”, the hackers said they took “pleasure in messing with” the company.
According to the post by the SiegedSec hacker group, the leak includes reports and information on their employees such as emails, names, departments, and even vehicle information. The data has been uploaded on an anonymous file sharing portal.
Considering the timing of the attack, the declared objective of taking “pleasure in messing with” the company seems dubious.
Truist, a leading financial services provider, recently rated Murphy Oil as a company with sound financials and solid prospectives.
The report highlights that Murphy Oil has successfully reduced its capital expenditure by 20%, while achieving a 10% increase in production. This is a remarkable achievement for the company as many of its peers have struggled to balance their output with capital expenditure.
According to the report, the company has been able to achieve this through a focus on its core assets, such as the Eagle Ford Shale and the Gulf of Mexico. Murphy Oil’s management team has also implemented a disciplined capital allocation strategy that has prioritized high-return projects.
The Truist report further states that Murphy Oil has a strong balance sheet, with ample liquidity and low leverage, which positions it well for future growth opportunities.
The report also highlights the company’s commitment to environmental, social, and governance (ESG) practices, which is becoming increasingly important to investors.
SiegedSec, hacker groups, and extortion
SiegedSec hacker group is a sophisticated and well-organized hacking group that employs a variety of tactics, including social engineering, phishing attacks, and the use of malware and other forms of malicious software, noted an analysis by cybersecurity company DarkOwl.
DarkOwl notes that SiegedSec hacker group has developed a reputation among cybercriminals as a reliable source of high-quality data, which has contributed to its success.
The unanimous agreement among researchers, practitioners, and legal professionals is to not pay ransom, due to its illegality in many regions and the fact that it funds criminal activity.
As European Cyber Risk Officer at Armis, Andy Norton, stated to The Cyber Express, paying ransom is not advisable, as it is naive to trust criminals not to make the incident public. Nevertheless, some individuals justify ransom payments as a means to quickly restore life-saving or critical services.
Governments support this consensus and refuse to pay ransomware, with legal assistance. In 2020, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) declared that the majority of ransom payments are unlawful.
Similarly, the European Union (EU) has adopted a comparable approach to “critical services” and has broadened the Security of Network and Information Systems Directive (NIS Directive), which enables EU member states to impose penalties for ransom payments.