Read Also

Shamoon Cyber Attacks on Aramco 2012

Shamoon Cyber Attacks on Aramco 2012

Shamoon computer virus is a type of viruses that have attacked the Gulf region especially the Kingdom of Saudi Arabia. This virus had started attacking the Kingdom of Saudi Arabia in 2012. The virus is able to overwrite the record of the master book. Through the process of overwriting, Shamoon could start up the record of the master book. This virus is very dangerous because it could attack more than 22 organizations in the Kingdom of Saudi Arabia. This virus has led to many costs that differed from an organization to another.. (Staff Writer, 2017)

Type of the Used Virus against Saudi Arabia:

This virus is a computer virus, which is called W32. The virus is used basically for the cases of cyber espionage. It primarily attacks the websites and computers of companies working in the energy and oil sector. It is a kind of malware that could attack the computers working with the systems Windows Me, Windows 9X and Windows NT. Shamoon virus is similar to another kind of viruses called Flame (Whatis, 2013).

The Impact of Shamoon on the Computing Environment:

This virus is firstly launched on the network of the computer system. The network of any system is what links between all the computers. This targeting the network would enable of attacking many computers inside the organization. After that, Shamoon uses a trait called "dropper" in order to spread to all the other storage disks of all computers in the same network. Then this virus spread files lists on all the attacked computers. The most dangerous thing in the virus is the "reporter" function, which sends back all the activities of malware and files' information to the hacker. "Wiper" function tries to delete most of the infected files so that the virus could not be discovered. Finally, Shamoon controls the record of the master boot so that it could not reboot (Whatis, 2013).

Impact of Shamoon Virus on Aramco:

The attacks of Shamoon virus started in 2012 through the computers of Aramco Company. The matter was very difficult because this is the biggest national oil company in the Kingdom. The hackers could publish images for burning the flag of the United States of America on the official website of the company. After that, Ras Gas Company was attacked through the same fatal virus. Shamoon could reach to many ministries in the Kingdom such as the Ministry of Labor and Workforce. Recently, there was a new wave of attacks through publishing the image of the drowning Syrian baby who is called Aylan Kurdi was published by hackers on the websites of the companies and ministries of the Kingdom of Saudi Arabia (Whatis, 2013).

Aramco Measures to Fix the Computing Environment:

The Saudi Ministry of Labor has exerted big efforts for solving the problems related to computers. Fixing computers was not an easy thing and it required the assistance of many information technology specialists and software and hardware specialists. They started to check all the devices and clean them from any malware or harmful viruses. Second, many protection applications were set up on the computers in order to protect them from any possible attacks. These applications are trusted applications that are bought from reputable organizations. Third, there was a team of specialists assigned by the Ministry of Labor in order to observe any similar attacks on computers and networks. This team is very efficient and it could observe the second wave of Shamoon virus attacks in January 2017 and this made the Ministry of Labor warn all the organizations to take necessary procedures (Saudigazette, 2017).

Aramco Future Steps to Avoid Future Attacks:

Shamoon virus started to attack the Saudi organizations on the 17th of November which was Thursday at 8: 45 pm. It is known that the Saudi businesses end their works on Thursday as Friday is the official vacation of the Kingdom of Saudi Arabia. Attacking the firms at 8: 45 means that the hackers know well the time in which there is none in the offices (Finkle, 2016). The Saudi authorities should assign many persons all the days of the week to control computers and discover any strange activities on them. Moreover, the Saudi authorities should assign specialists to work on updating a system and software that could prevent any Shamoon viruses.

Legal Authorities and Cyber Attackers in Saudi Arabia:

In fact, the Saudi authorities could not arrest or even identify the cyber attackers of Shamoon virus. That is because the criminals or cyber attackers were using proxy and VPN programs that disallow discovering their locations and the IP of the computers they are using. It is most probably that attackers are from outside the Kingdom of Saudi Arabia. Many specialists said that the Shamoon attackers are freelancers who get money for performing black hat attacks (Dimchev, 2017).


Shamoon virus is a very dangerous virus that attacked many oil companies in the Gulf region especially in the Kingdom of Saudi Arabia. This virus infected thousands of computers in many companies and it is used for hacking and publishing bad content on companies' websites such as burning the United States flag. It was primarily faced by the Ministry of Labor through many software specialists.

Shamoon Cyber Attacks on Aramco 2012


Font Size
lines height