Halliburton Confirms the Recent RansomHub Cyberattack Resulted in Data Exfiltration

• U.S. oilfield services company Halliburton suffered a cyberattack in August that impacted business applications.
• The RansomHub ransomware-claimed attack is confirmed to have stolen unspecified company data.
• While an investigation is ongoing, material impact is not anticipated.

American Halliburton oilfield services giant disclosed on Tuesday that a data breach in August led to unauthorized access and removal of information from its systems, the latest Reuters report said. Hackers gained unauthorized access to Halliburton's systems and extracted unspecified data.

Halliburton has activated its cybersecurity response plan, and Google’s incident response firm Mandiant is investigating the breach. The company is evaluating the nature and scope of the stolen information but presently does not anticipate a material impact from the breach.

This cyberattack was caused by the RansomHub ransomware, a ransomware-as-a-service (RaaS) payload that overlaps ALPHV (BlackCat) and Knight Ransomware. 

It disrupted some of the company’s global networks and its north Houston campus business operations, affecting Halliburton's business applications and resulting in limited access to certain functions. Following the news, Halliburton's shares saw a premarket decline of 1.1%.

This marks another cyberattack targeting the U.S. energy sector, which has faced multiple cyberattacks, including ransomware incidents in recent years. In 2021, Colonial Pipeline was compelled to pay a $4.4 million ransom following a significant cyber breach.

The recent Patelco Credit Union breach was attributed to the RansomHub ransomware group. On August 15, 726,000 customers’ data leaked on the group's extortion portal after the ransom payment negotiations allegedly failed.

The revenue and payment cycle management provider Change Healthcare data breach leaked on RansomHub’s leak website after the group that claimed it, ALPHV, was shut down.