Second Middle East energy company hit by malware

Qatar-based RasGas has been taken off-line following a major virus attack

The Ras Laffan Liquefied Natural Gas Co, generally known as RasGas, has been taken off-line following a major virus attack. News of the attack began to emerge on Monday, but few details are yet known. Emails bounce and the website is down.

On Tuesday the company started to inform its suppliers. A fax dated 28 August, according to Arabian Oil and Gas, states: “RasGas is presently experiencing technical issues with its office computer systems. We will inform you when our system is back up and running.” Since then the company has said that the difficulties are confined to its office systems. Production is not affected and all staff are reporting for work.

Comparison with last week’s attack against Aramco is inevitable. In that attack Aramco suffered damage to 30,000 PCs, although Aramco claims the PCs have now been recovered. The Shamoon virus is widely believed to be the culprit, although the attackers and their motives are not clear. Shamoon has data-stealing capabilities but then attempts to clear its tracks by wiping the computer’s hard drive and making it unusable.

Shamoon has been compared to the Wiper cyberweapon, but Kaspersky has dismissed it as a poor copy. Nevertheless, cyber conflict analyst Jeffrey Carr believes that Shamoon may be a politically motivated cyberweapon, and that Iran might be behind it. “It is the only nation with access to the original Wiper virus from which Shamoon was copied,” he claims, adding that Iran may be motivated by Aramco’s decision to increase oil production to offset the oil embargo against Iran.

If Carr is correct, then the attack in Qatar could be another politically motivated one. At this point, however, it should be stressed that there are no technical details of the virus used against RasGas, and we will need to wait for the analyses of the anti-malware researchers to learn more.
