Energy Giant Halliburton Reveals $35m Ransomware Loss

Written by

Energy services supplier Halliburton has revealed that an August ransomware breach cost the firm $35m, highlighting the major financial impact of cyber-threats.

The Dubai-headquartered multinational, which is one of the largest providers of products and services to the energy industry – especially the US fracking sector – made the disclosure in its Q3 financials.

“We experienced a $0.02 per share impact to our adjusted earnings from lost or delayed revenue due to the August cybersecurity event and storms in the Gulf of Mexico,” said Halliburton president and CEO, Jeff Miller. “Our full year expectations for free cash flow and cash return to shareholders remain unchanged, and we expect both to accelerate in the fourth quarter.”

The $35m cost of the “cybersecurity incident” pales in comparison to the $5.7bn in revenue generated by the company in the three months to September 30. However, it’s proof of the continued financial risks posed by ransomware.

Read more on ransomware losses: Ransomware Costs Financial Services $32bn in Five Years

The firm notified the SEC at the end of August that “an unauthorized third party gained access to certain of its systems” on August 21.

“When the company learned of the issue, the company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity,” it noted at the time.

“The company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”

However, a further Form 8-K filing a little over a week later revealed that the incident was more serious than at first thought.

“The incident has caused disruptions and limitation of access to portions of the company’s business applications supporting aspects of the company’s operations and corporate functions,” it said. “The company believes the unauthorized third party accessed and exfiltrated information from the company’s systems.”

It’s believed the RansomHub group was responsible for the attack, although it’s not clear what information they stole and whether any of the $35m in losses stem from a ransom payment or are related to the cost of operational disruption, incident response and recovery.

Image credit: JHVEPhoto / Shutterstock.com

What’s hot on Infosecurity Magazine?