US oil giant Halliburton on Thursday confirmed its computer systems were hit by a cyberattack that continues to affect operations at its Houston, Texas offices.
Halliburton, considered the world’s second largest oil service company, has engaged with external experts to investigate and mitigate the threat, according to a Reuters news report.
Technical details on the breach remain scarce but the compromise has all the hallmarks of a typical ransomware attack where sensitive data is encrypted and used in multi million-dollar extortion demands.
Reuters said the Halliburton cyberattack impacted the company’s north Houston campus, as well as some global connectivity networks.
In a statement sent to SecurityWeek, a Halliburton spokesperson said: “We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact. We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue.”
In a filing with the SEC on Friday, Halliburton said that on August 21, 2024, the company became aware that an unauthorized third party gained access to certain of its systems.
“When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity,” the filing reads. “The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”
Halliburton employs about 55,000 though hundreds of subsidiaries, affiliates and brands in more than 70 countries.
The oil and gas industry has been a lucrative target for ransomware actors that use leak sites to shame victim organizations into paying ransom demands. Back in 2021, Colonial Pipeline confirmed it shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the United States.
*Updated August 23, 2024 with details from SEC filing
Related: Colonial Pipeline Confirms Personal Information Impacted in Cyberattack
Related: US Recovers Most of Ransom Paid in Colonial Pipeline Hack
Related: Colonial Pipeline CEO Explains $4.4M Ransomware Payment