Ransomware
Halliburton cyberattack (RansomHub)
Incident Details
RansomHub (a ransomware-as-a-service operation launched in February 2024) attacked Halliburton. The attack was detected on 21 August 2024, and an SEC 8-K was filed on 23 August 2024. Production planning and shipment tracking tools were inaccessible for several days. Sensitive proprietary oilfield data and blueprints were exfiltrated. Financial losses: $35 million in remediation costs. RansomHub uses hybrid AES/ChaCha20 + Curve25519 encryption. The group counts former BlackCat and LockBit affiliates among its operators.
Technical Details
- Initial Attack Vector: CWE-798: Use of Hard-coded Credentials / phishing (phishing emails delivering malicious links; subsequent credential theft and lateral movement)
- Vendor / Product: Halliburton (oilfield services)
- Malware Family: RansomHub ransomware
Timeline
- 2024-08-21 Breach occurred
- 2024-08-23 Publicly disclosed
- 2024-09-03 Customers notified