A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE “heavy engineering company” and the Italian oil and gas contractor Saipem.
Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant is also Iranian in origin, or if it is someone else entirely using the old Iranian code base.
Merley • December 18, 2018 12:05 AM
You live in the UK and you misspell Scotland? Time for someone else to have a go indeed.
Ismar • December 18, 2018 12:14 AM
@Clive
Aren’t you afraid that we just may shoot our selves in the foot if we perform the follow-the-money analysis and publish the findings ?????
Ismar • December 18, 2018 12:26 AM
@All
“security researcher who analyzed the Shamoon files uploaded on VirusTotal told ZDNet that this is somewhat incorrect. This version of Shamoon overwrites original files with garbage data. This garbage data might look like encrypted content to an untrained eye, but it’s just random bits of information that can’t be recovered with an encryption key.”
How can you tell- anyone?
Denton Scratch • December 18, 2018 3:24 AM
@Merley
Clive suffers from word-blindness. He can’t spell his way out of a wet paper bag. We’ve all got used to it. You might call it a shibboleth – if there isn’t a spello in there somewhere, it’s probably an impostor.
POLAR • December 18, 2018 4:49 AM
“The attack crippled between 300 and 400 servers and up to 100 personal computers out of a total of about 4,000 Saipem machines, the company’s head of digital and innovation, Mauro Piasere, told Reuters”
Erich • December 18, 2018 8:03 AM
@Merley @Denton Scratch
Yeah, Merley, you can serve as a warning to others — it’s a good idea to go back through some of the archives before posting about someone. Clive is a treasure but can’t spell for sh*t!
RealFakeNews • December 18, 2018 4:19 PM
Another supporter of Clive’s typos! It wouldn’t be Clive without.
ditherer • December 25, 2018 5:36 PM
Re: Clive’s typos
I love “encumbrants”, a portmanteau of “encumbrance” and ” incumbents”.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Clive Robinson • December 17, 2018 3:18 PM
From the article,
Hmm two fairly major industry players finally showing a little caution in atribution…
Has storm Deirdre been passing through hell[1]?
In all seriousness it’s nice to see the industry developing a healthy bit of skepticism at last. Now all we have to do is start ignoring “off the record” and “anonymous sources” who are frequently pushing a political line. Reliance on such gave rise to one edge of “Yellow Journalism”.
Untill things can be firmed up the sensible thing to do would be a “follow the money” type analysis followed by a modified “SWOT” annalysis on the candidates thrown up, remembering that “political capital” can be treated like “financial capital”.
I’ve done this before, with reasonable results, but I think it’s time I let others have a go, as demonstration only goes so far on the learning curve.
Oh just remember last year the USA was for the first time in many years “a net oil exporter” it’s going to skew things a bit.
[1] Because she’s sure given Scottland the “Freezes Over” treatment…