
Shamoon Malware Attacks Aramco: Who, What, When, Where?

The document summarizes a malware attack on Saudi Aramco in August 2012 called Shamoon. Shamoon malware wiped or destroyed over 35,000 of Aramco's computers, taking the company offline and almost two weeks to restore the system. The attack began on August 15, 2012 at 11:08 am and is believed to have been carried out by the Cutting Sword of Justice, a group suspected to have ties to Iran. It crippled Aramco's operations and required immense resources to recover from.

Uploaded by

zahra alsayed

ANOTHER DAY ANOTHER ATTACK

Who, What, When, Where?


So, what happened? 😊

Shamoon Malware Attacks ARAMCO

35,000+ computers were wiped or destroyed. Restoring the
system took Aramco almost two weeks.

When?
The attack began at 11:08 am, Wednesday, Aug. 15, 2012.

How did it happen?
Shamoon is destructive wiper malware. Shamoon was the most
famous wiper so far.

Shamoon Process:
1- Drop
o Insider used a USB.
o Spam Mail.
2- Wipe
o Wipe specific files
o Delete Traces
o Overwrite files
o Delete MBR (Master Boot Record)
3- Report

In Aug. 2012, Aramco employees noticed their computers were
acting weird: flickering screens, disappearing files, and machines
shutting down. As a result, the company went offline!

Kubecka, a cybersecurity consultant who was hired to help secure
Aramco, said that the automated processes were steady, unlike
the others. Aramco stopped selling oil to domestic gas tank
trucks. After 17 days, the corporation relented and started giving
oil away for free to keep it flowing within Saudi Arabia.
"It was a massive army of IT people. I've never seen anything
like that in my life," Kubecka said.
Aramco flew representatives directly to computer factory floors
in to purchase every computer hard drive currently on the
manufacturing line (50,000 hard drives)
Kubecka said the company paid higher prices to cut in line
ahead of every computer company in the world, temporarily
halting hard drive supplies to everyone else. 
Five months later, Aramco brought its system back online.
"An attack of that size would have easily bankrupted a smaller
corporation," Kubecka said.

Who did it?


o Cutting Sword of Justice
o USA
o Iran
