Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

US oilfield service provider disrupted by ransomware attack

A major Texas-based oilfield supplier has suffered disruptions after it was hit by a ransomware attack.

user icon Daniel Croft
Mon, 11 Nov 2024
US oilfield service provider disrupted by ransomware attack
expand image

Newpark Resources is a provider of sustainable services for the energy infrastructure and drilling industries, creating products and services for oilfields and more.

The company announced in a filing with the US Securities and Exchange Commission that it detected a ransomware attack on its network late last month.

“On October 29, 2024, the company detected a ransomware cyber security incident (‘Incident’) in which an unauthorised third party gained access to certain of the company’s internal information systems,” said Newpark Resources.

============
============

“Upon detection, the company activated its cyber security response plan and launched an investigation internally with the support of external advisors to assess and to contain the threat.”

As a result of the incident, the company said, aspects of its network have faced disruptions, and access is limited.

“The incident has caused disruptions and limitation of access to certain of the company’s information systems and business applications supporting aspects of the company’s operations and corporate functions, including financial and operating reporting systems,” it said.

“However, the company’s manufacturing and field operations have continued in all material respects utilising established downtime procedures.”

The company has not disclosed which ransomware actor was behind the incident nor how the threat actor gained access to its network, but it has said that its investigation is ongoing.

“The full scope of the costs and related impacts of the Incident, including any future impact on our financial condition and results of operations, has not yet been determined,” added Newpark Resources.

“Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not reasonably likely to materially impact the company’s financial conditions or results of operations.”

Cyber attacks on critical infrastructure and energy providers are becoming increasingly common. Earlier this month, Schneider Electric allegedly suffered a second cyber attack for the year, with data published on X (formerly Twitter).

On 4 November, a threat actor by the name of “greppy” posted to X to taunt the French multinational.

“Hey @SchneiderElec, how was your week?” the threat actor said.

“Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data.”

In a reply to their own tweet, the threat actor also posted a sample of the stolen data, which appears to be email addresses, links to JIRA accounts and links to Gravatar accounts. Gravatar is a platform that allows users to create a digital avatar to accompany their email address.

It appears that greppy may be connected to the HELLCAT ransomware gang, with Schneider Electric appearing on the group’s dark web site.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.