Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked via a contractor, after a cyber extortionist claimed to have seized troves of its data last month and demanded a $50m ransom from the company.

The Saudi Arabian Oil Co., better known as Saudi Aramco, told The Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”

The oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco said.

The extortionist held 1 terabyte worth of Aramco data, AP found as it accessed the information on the darknet hosted within an encrypted network, which it said it accessed via 'specialized anonymity-providing tools.'

The hacker said it had obtained information on the location of oil refineries, as well as payroll files and confidential client and employee data.

In another post, the perpetrator offered to delete the data if Aramco paid up $50m in a niche cryptocurrency Monero, which is particularly difficult for authorities to trace. The post also offered prospective buyers the chance to purchase the data for about $5m.

The security vulnerabilities of energy companies and pipelines in particular have fallen under the spotlight recently after the hack of the Colonial Pipeline in the US earlier this year resulted in fuel shortages across the east coast of the country.

It was unclear who was behind the Aramco incident. Cyber researchers noted that the attack did not appear to be part of a ransomware campaign.

Instead, the hacker appeared to have seized a copy of the data without using malware, and set up dark web profiles to telegraph its activities.

Image Source: AP/Unslpash