Suncor, one of North America’s largest energy companies, recently fell victim to a cyberattack, disrupting services at Petro-Canada gas stations. Suncor, based in Canada, operates various refineries and produces oil across North America, owning more than 1,800 Petro-Canada retail and wholesale locations.
The aftermath of the attack
Suncor acknowledged the cybersecurity incident on June 25, warning of possible impacts on transactions with suppliers and customers. They’ve enlisted the aid of third-party experts to expedite their investigation and response and have alerted relevant authorities about the incident.
Suncor assured that currently, they’ve found no evidence that the data of customers, suppliers, or employees has been compromised or misused in light of the situation. On the following day, Petro-Canada communicated via Twitter about the ongoing cooperation with Suncor in response to the cybersecurity incident.
They cautioned customers about potential unavailability of certain services, including credit card payments and car washes. They also informed users of their loyalty program about possible access issues on their app and website.
Ransomware: A common threat?
At this point, it remains uncertain whether a ransomware attack has caused these disruptions. Such attacks typically involve encryption of the victim’s files and/or data theft by cybercriminals.
Last year, a similar ransomware attack targeted the American oil pipeline system, Colonial Pipeline, resulting in significant disruptions and data theft. The company had to pay millions to the attackers. Suncor hasn’t yet clarified whether ransomware was involved in this incident or if they received any ransom demands.
The current scenario reflects a growing threat to energy organizations, with malicious actors seen selling access to firms, including oil and gas companies, on cybercrime forums.
As this story develops, we’d love to hear your thoughts on the matter. How do you think this incident will impact the energy sector and the measures it needs to take for cybersecurity? Please share your views in the comments section below.