CYBER ATTACK ON OIL INDIA

INTRODUCTION:

Oil India has intimated that on April 10 some malware infection followed by a
demand for ransom in bitcoin was observed at field headquarters, Duliajan. Servers were
shut down but field operations were continuing uninterrupted, the Ministry of Petroleum
and Natural Gas (MoPNG) said. A Russian malware planted from a server in Nigeria was
used for a recent cyber attack on Oil India's (OIL) system in Assam's Duliajan, which had
brought down the PSU major's network, a top police official said on Friday.

The OIL system is yet to be restored completely even after 10 days of the
incident, they added. A top police official, who wished not to be named, told PTI that
their investigations indicated the cyber attack was carried out from overseas.

ABOUT OIL INDIA:

Oil India Limited (OIL) is the second largest Indian-government owned

hydrocarbon explorer and producer. It is under the ownership of Ministry of Petroleum
and Natural Gas, Government of India. The Ministry of Petroleum and Natural
Gas oversees its operations, with its headquarters in Duliajan, Assam. The government
corporation is a Navratna with its offices in Noida, Uttar Pradesh, Guwahati and Jodhpur.

OIL is engaged in the business of exploration, development and production

of crude oil and natural gas, transportation of crude oil and production of liquid
petroleum gas. The company's history spans the discovery of crude oil in India in the year
1889, this was second in the World in the far east of India at Digboi and Naharkatiya,
Assam to its present status as a fully integrated upstream petroleum company presently
operating in more than 9 locations overseas. Recently, OIL acquired majority shares in
Numaligarh Refinery Limited (NRL) from Bharat Petroleum Corp. Ltd. , thus making
NRL a subsidiary of OIL.
EXPLORATION AND PRODUCTION:
Oil India Limited was formed by the Burmah Oil Company Limited as its
subsidiary in India 1887 to explore in the Assam Basin, India (Corley, T A B, 1983, The
History of the Burmah Oil Company, 1886–1983). Staff at the Burmah Oil Company
Limited had heard from a geologist with the colonial British Indian Geological Survey,
Thomas Oldham, that oil was found on the feet of elephants that were being used as
beasts of burden in the vicinity of the Digboi village (Arun Metrie, pers. comm., former
Burmah Oil economist, 1988). The oil on the elephants' feet was traced to the Digboi
area, where a surface fold (anticline in geological parlance) had formed a broad hill. A
successful technique for exploration for hydrocarbons at the time was drilling beneath
seeps on anticlines (Thornton, S E, 2015, The history of Oil Exploration in the Union of
Myanmar, Paper No. 10807), so Oil India drilled beneath the Digboi seeps and found a
giant oil field. Several other oil fields were subsequently found by Oil India Limited in
what became India's first oil production.

Recoverable oil reserves. As of 2014 the company produced 3.466 MMT of crude
oil, 2625.81 million cubic metre at standard conditions of natural gas and 46,640 tonnes
of LPG. Most of this was produced from its traditionally rich oil and gas fields
concentrated in the Northeastern part of India and contribute around 80% of total oil and
gas produced in the region. The search for newer avenues has seen OIL spreading out its
operations in onshore / offshore Orissa and Andaman, Cauvery offshore, Tamil
Nadu, Arabian Sea, deserts of Rajasthan, onshore Andhra Pradesh, riverbeds
of Brahmaputra and logistically difficult hilly terrains of the Indian
state Mizoram and Arunachal Pradesh. In Rajasthan, OIL discovered gas in 1988, heavy
oil / bitumen in 1991 and started production of gas in 1996. The company has
accumulated over a hundred years of experience in the field of oil and gas production,
since the discovery of Digboi oilfield in 1889.

The company has over 100,000 square kilometres (39,000 sq mi) of licensed areas
for oil and gas exploration. It has emerged as a consistently profitable International
company and present
in Libya, Gabon, Nigeria, Sudan, Venezuela, Mozambique, Yemen, Iran, Bangladesh and
United States. OIL has recently emerged in the offshore giant gas-field project of
Mozambique and also made discovery of oil & gas in Gabon as an Operator and Libya as
non-operator. OIL acquired Shale oil asset in United States during 2012.

In recent years, Oil India Limited has stepped up exploration and production
activities significantly in north-eastern India. OIL has set up its NEF (North East
Frontier) project to intensify its exploration activities in the frontier areas in North East,
which are logistically very difficult and geologically complex. Presently, exploration
activities are in progress along the Trust Belt areas of Arunachal, Assam including
Mizoram. The company operates a crude oil pipeline from Duliajan to Barauni, in Bihar.
HISTORY:
Oil India was founded on 18 February 1959, with its registered office in Duliajan,
Assam, as a privately held oil exploration company. Burmah Oil Company originally
held two-thirds of the stock and the Government of India (via the Office of the President)
held the rest. This joint venture gave birth to the exploration and drilling at two new sites
in Naharkatiya and Moran in Dibrugarh district which had then been just recently
discovered. In the Spring of 1961 the company became publicly listed, and later that year
the Government of India acquired 50% ownership interest. In 1981, the Government of
India acquired 100% of the equity interest in the company which by then controlled all
the oilfields of Tinsukia and Dibrugarh districts.

In 1961, construction of the company's first gas-powered power plant was

completed in Duliajan, Assam. IN 1962, a 401 km (16-inch diameter) pipeline from
Duliajan to Guwahati was completed. The following year, a 756 km (14-inch diameter)
extension to the pipeline from Guwahati to Barauni in Bihar was completed.

A 1,157-kilometre (719 mi) long fully automated telemetric pipeline with 212
kilometres (132 mi) of looping and a total capacity to transport over 6.0
million tonnes per year remains the lifeline of the company. Commissioned in 1962, the
double skinned crude oil pipeline traverses 78 rivers including the Brahmaputra River as
it meanders through paddy fields, forests and swamps. There are 11 pumping stations, 18
repeater stations and two terminals at Numaligarh and Rongapani in Udalguri district.
The engines that drive the giant pumps along the pipeline have more than two hundred
thousand hours of service and established a world record of machine hours.

OIL completed the construction of a 660-kilometre (410 mi) pipeline from

Numaligarh to Siliguri in November 2007. The company also sells its gas to different
customers in Assam: Brahmaputra Valley Fertilizer Corporation Limited
(BVFCL), ASEB, NEEPCO, Indian Oil Corporation's retail Assam Oil Division,
and APL as well as to the Rajasthan Rajya Vidyut Utpadan Nigam formerly part of the
Rajasthan State Electricity Board. It also produces liquefied petroleum gas (LPG) at its
plant in Duliajan, Assam.
MANAGEMENT:

Chairman and Managing Directors

 1992 to 1995 - Bikash Chandra Bora

 May 2002 to 28 February 2006 - Ranjit Kumar Dutta
 14 March 2006 to 1 December 2008 - Mulkh Raj Pasrija
 1 December 2008 to April 2012 - Nayan Mani Borah
 May 2012 to 30 June 2015 - S. K. Srivastava
 1 July 2015 to 17 July 2016 - vacant
 18 July 2016 to 30 September 2019 - Utpal Bora
 1 October 2019 to present - Sushil Chandra Mishra

RESEARCH AND DEVELOPMENT:

OIL's R&D Mission is to provide knowledge-based, competent and techno-

economically feasible solution in the areas of Exploration, Drilling, Production,
Transportation of crude oil and natural gas, Pollution Monitoring & Control and
Alternate source of Energy, through laboratory services of highest quality and by
adopting state-of-the-art technology and caring for the environment.
OIL accords utmost importance to up-gradation of technologies and expertise in various
areas of its activities through its own Research & Development Centre at Duliajan,
Assam.
The R&D Centre is recognized by the Department of Scientific & Industrial
Research under the Ministry of Science & Technology, Govt. of India. The R&D
Department is carrying out studies in the highly specialized areas of petroleum
geochemistry, oilfield chemicals, drilling and workover fluids, enhanced oil recovery,
well stimulation, pollution control, petroleum biotechnology, etc.
The Company has entered into collaborative projects with reputed academic
institutions of higher learning – IIT (Bombay), IIT (Madras), IIT (Guwahati), IIT
(Roorkee), Indian School of Mines, Dhanbad, Gauhati University and the North Eastern
Hill University, Shillong. In addition, it has research tie-ups with reputed agencies such
as The Energy and Resources Institute (TERI), Institute of Reservoir Studies (IRS,
ONGC), National Geophysical Research Institute (NGRI), Indian Institute of Petroleum
(IIP) and CSIR - Central Electrochemical Research Institute.
The Company is determined to further strengthen its R & D efforts towards
providing appropriate techno-economical solution of the problems faced in the areas of
exploration, drilling, production and transportation of crude oil and natural gas.
The Company has also Established Centre of Excellence for Energy Studies
(CoEES), a centre for integrated study of various domains in the upstream petroleum
sector specially covering both Exploration and Reservoir activities.

The vision of CoEES is to be a centre of innovation and development for enabling

OIL to match with the global oil majors in terms of technical capability and business
performance. To meet the above vision, the Company has procured top notch facilities in
terms of software, hardwares, laboratory facilities and expertise for building an
environment that fosters innovation and creativity. It is equipped with world class
technologies encompassing the conventional oil and gas sector, unconventional
hydrocarbon and other energy spectrum.

CoEES activities are aligned to match OIL's vision and strategy. Broadly the areas
taken up by the centre are Basin Modelling, EOR / IOR, Unconventional Hydrocarbon /
Alternate Energy Resources, Environmental Studies, and industry academia
collaboration. A few projects are being taken up on the above areas in the initial phase
and some of which are in collaboration with the premier institutions in India and abroad.
The analytical laboratory has already started functioning after setting up of a few state-of-
the-art equipment and facilities.
OIL entered the international oil and gas business with its first international
acquisition in Oman in 1998-99. OIL currently owns participating interest in 11 oil and
gas assets having its footprint in 8 countries viz. Russia, USA, Venezuela, Nigeria,
Gabon, Libya, Mozambique and Bangladesh. The Company has a diverse portfolio of
exploratory assets, producing assets, pipeline, unconventional shale oil play and has
consolidated its experience to take up operatorship in overseas assets of Libya, Gabon
and Myanmar.

INTERNATIONAL BUSINESS:

Overseas Investments have several dimensions – more so when the investment is

in Oil and Gas. It requires thorough understanding of issues beyond techno-commercial
aspects of the asset/company. Important issues in the decision-making processes are
factors, such as, Macro-economic environment, country risks, economic, political and
regulatory environment of the destination country, fiscal issues, issues and opportunities
relating to oil and gas sector, international diplomacy, bilateral relations with India etc. It
is also important to have a general understanding and updated information on the Global
and Domestic economic trends, movement of oil and gas prices, production and
consumption trends of petro products at the back of the mind while dealing with various
business opportunities.
OIL has been pursuing acquisition of overseas E&P properties since 1998.
However, the thrust for acquisition of overseas E&P properties began from the year 2005,
with Government of India facilitating the process through the mechanism of Empowered
Committee of Secretaries.
The Company’s overseas E & P portfolio as on 31st March 2021 is spread over
08 countries covering Russia, USA, Venezuela, Mozambique, Nigeria, Bangladesh,
Libya and Gabon. The portfolio includes 5 (five) producing assets spread across Russia,
USA & Venezuela, 2 (two) discovered and development assets in Mozambique and
Nigeria and 4 (four) exploratory assets in Libya, Gabon, and Bangladesh. In addition to
the above, OIL has 10% PI in 741 Km long Multiproduct pipeline construction and
operation project in Sudan which was completed in 2005.
The oil & gas 2P reserves position (as on 31.03.2021) of 06 overseas producing
and discovered assets (Company's Proportionate Share) viz. Niobrara Shale Oil (USA),
License-61 (Russia), Vankorneft (Russia), TaasYuryakh (Russia), Carabobo (Venezuela)
and Area-1 (Mozambique) stood at 54.3912 MMTOE. During 2020-21, production from
overseas assets corresponding to OIL’s participating Interest in these assets stood at 2.10
MMTOE.
 As on 31.03.2021, an amount equivalent to USD 519.44 million has been received
at the SPV level as dividend corresponding to OIL’s stake in Vankorneft and TYNGD in
Russia.
CYBER ATTACK:

PSU major Oil India, which suffered a cyberattack disrupting its operations in
Assam, has received a ransom demand of USD 75,00,000 (over Rs 57 crore) from the
perpetrator, officials said on Wednesday. A case was registered under various sections of
the Indian Penal Code and the Information Technology Act, 2000, after the company
lodged a complaint with the police. The public sector undertaking OIL and the
government exchequer have incurred a huge financial loss due to the cyberattack -
ransomware, as the business through the IT system has been seriously affected, OIL
Manager (Security) Sachin Kumar said in the police complaint.

The cyberattack took place on April 10 at OIL's one of the workstations of the
Geological and Reservoir department, but it was intimated by the IT department on
Tuesday, he said.

"After their preliminary investigation, it came to their notice that OIL's network,
server and clients' PCs are facing network outage.

"Further, it also came to their notice that cyberattacker has demanded USD
75,00,000 as a ransom through a note from the infected PC," Kumar said.

The server, network and other related services of the company are affected, he
added.

its field headquarters in Duliajan that the company is working on repairing the system in
phases and "it will take time"."Our online systems are down and we are working offline.
The drilling and production work has been unaffected. The data are being saved offline
now and it will be uploaded later when the IT system will run again," he said.

A senior official of the OIL's pipeline headquarters at Narengi in Guwahati told

PTI that they have shut down their entire network, although their system has not suffered
any attack as of now."Our work is badly affected as we are fully dependent on the
internet network. Our IT engineers are constantly monitoring the situation and they are
fully prepared to thwart any cyberattack," the official said on condition of anonymity.

CLARIFICATION:

Giving a clarification about the recent cyber-attack on the company’s IT systems,

Oil India said that a malware threat was noticed by the company’s officials and reported,
but it did not have any effect on its operations.

The state-owned company had suffered a major cyber-attack in its field

headquarters in eastern Assam’s Duliajan, with the hacker demanding $75,00,000, IANS
reported on April 13.

After receipt of the report of malware threat, precautionary measures were taken
by the company, it said in a regulatory filing to the exchanges.
Network management service providers and the Anti-Virus Team were also immediately
informed about the incident. The incident was also reported to CERT-In," the filing said.
Cert-In is the government’s nodal agency to deal with cyber security threats like hacking
and phishing.

Besides, the company clarified it did not attempt to establish any contacts with the
miscreants.

―We would like to state that there has been no bearing on the
operations/performance of the company due to the said malware threat which warrants
public announcement.

Presently, uninterrupted operations are going-on and business continuity is

maintained," the company added.

INVESTIGATION:

Computers at Oil India Limited’s (OIL) field headquarters in Assam Duliajan

were locked out after a ransomware attack, according to a copy of the police case lodged
by the state-run refiner, which also said the group behind the cyber attack sought $7.5
million (over ₹57 crore) in Bitcoin to restore accessDuliajan is the headquarters for OIL,
the country’s second-largest oil and gas company that is run by the government. The
scale of the systems affected was not immediately clear but a representative, who
confirmed the incident, said systems connected to production and drilling were not
affected.
―There has been a cyberattack in which some of our systems and few servers in Duliajan
office were affected. As a precautionary measure, we are putting some of our systems
down and got into restoration exercise,‖ said OIL public relations officer Tridiv Hazarika.
Cybersecurity experts have been brought in to help restore the network, the official
added.
The problem was noticed on Sunday afternoon when employees who were
working noticed some computers began experiencing outages. The IT support team
detected the problem as a malware attack and took affected computers off of the local
area network.
―We have employed an international cyber security expert to devise a way to reboot and
restore our systems. We are doing it in a phased manner and should be over in next 4-5
days,‖ Hazarika added.
Ransomware is a malware that encrypts all data of a computer with a key that
only the attackers behind it have access to. Such attacks typically are aimed to extort
money but when critical infrastructure and industry such as refineries are targeted, there
can be broader risks. Groups typically threaten to leak data they have accessed in order to
strongarm their targets into paying up.
Hazarika said a case has been lodged with the local police in Duliajan to look into the
attack.
The first information report (FIR) of the case, which HT has seen, mentioned that
the malware hit one of workstations of the geology and reservoir (G&R) department.
―After their (IT department’s) preliminary investigation, it came to notice that OIL’s
network, server and clients PCs are facing network outage. Further it also came to notice
that the cyber attacker has demanded 7,500,000 USD as ransom through a note from the
infected PC,‖ the FIR read.
―OIL is a public sector undertaking company and due to this cyber-attack of ransomware,
OIL and government exchequer has incurred huge financial loss as business through IT
has been seriously affected,‖ the FIR added.
Dibrugarh district superintendent of police Shwetank Mishra informed that while OIL has
already engaged technical consultants to find origin of the malware, a CID team would
reach Duliajan to start investigations of their own.
―Thankfully there has been no impact on our production and drilling activities. These
activities, which are not heavily reliant on IT resources, are functioning normally,‖ said
Hazarika.

The software which handles the key business functions of OIL in Duliajan like
payments to vendors and contractors also hasn’t been affected and is functioning as
usual,‖ he added while assuring stakeholders and shareholders that all of OIL’s data is
secure.

NO DATA BREACH,HUGE FINANCIAL LOSS:

The registered headquarters of state-run Oil India Limited (OIL) at Duliajan in

Assam’s Dibrugarh district is facing its ―biggest cyberattack in recent years‖.―It is a
virus, it is a fairly severe and strong virus. It has impacted some of our servers —
restoration will take some time. We are also taking the help of external experts,‖ OIL
spokesperson Tridiv Hazarika told ThePrint, adding that there had been no data breach so
far. ―This is the biggest attack that we have faced in recent years.‖

Dibrugarh Superintendent of Police (SP) Shwetank Mishra said hackers had asked
for a ransom of 196 Bitcoins — which comes up to approximately Rs 60 crore.Asked if
any data had been compromised, he added: ―Details are being worked out, as of now it is
just known that a ransomware attack has been carried out.‖An FIR has been filed at the
Duliajan Police Station under various sections of the Information Technology Act and
Section 385 of the Indian Penal Code, which deals with extortion.

OIL’s complaint to the police said that the cyberattack took place on 10 April on
―one of the work stations of the G&R (Geology and Reservoir department)
departments‖.―After their preliminary investigation, it came to their notice that OIL’s
network, server, and clients PCs are facing network outage,‖ OIL’s complaint, which
ThePrint has accessed, reads. ―Further, it also came to their notice that, the cyber attacker
has demanded 7500000 USD (roughly Rs 57 crore) as a ransom through a note from the
infected PC.‖However, OIL spokesperson Hazarika played down the ransom
demand.―These are standard tactics of hackers who use ransomware to intimidate the
target entities,‖ he said.The virus infected a few computers, which were subsequently
removed from the LAN connection, Hazarika said.

According to the spokesperson, there has been no data breach so far.―Our

operations, the key elements of our day-to-day activities — drilling, and production
operations have not been impacted at all… The ERP platform, which we use for our
business transactions, is also up and running,‖ he said. ―We are just taking some time to
activate all the desktops, which, as a precautionary measure, we had removed from our
systems‖.The company said in its complaint that the public sector undertaking had
―incurred a huge financial loss‖ because their business transactions have been affected
but it does not quantify the loss.

ACTION TAKEN:

Oil india limited’s headquarter in the Dibrugarh district of Assam witnessed a

ransomware attack which lead to the shutting down of the company's computer and IT
systems.
"Oil India Limited's registered headquarter at Duliajan is under a ransomware attack which
led to the company shutting down its computers and IT systems," said OIL spokesperson
Tridiv Hazarika On Sunday.Hazarika informed that the attackers had asked for a ransom of
USD 75 lakhs (over Rs 57crores."As of now, there is no clue about the identity of the hacker
or how that hack made way to our systems. Investigation agencies are probing the issue," he
added.

However, the oil production operations of India's second-largest national oil and gas
company are functioning normally."With regards to oil production, operations are
functioning normally. SAP platform is not affected the only issue arising is in the personal
desktops installed in our offices. Some of them have been cleaned,work is in progress on the
remaining desktops," he said.
The company's representative also said that a team of IT experts are working with the
company "We are taking the help of an IT security expert team. Special agent which can be
called a superior anti-virus will be installed on every system so that such incidents don't
occur once again," he added.
FIR has been registered by police on the basis of complaints by the company. Investigation
agencies are probing the matter.
 Dibrugarh Superintendent of Police (SP) Shwetank Mishra said hackers had asked
for a ransom of 196 Bitcoins — which comes up to approximately Rs 60 crore.Asked if
any data had been compromised, he added: ―Details are being worked out, as of now it is
just known that a ransomware attack has been carried out.‖An FIR has been filed at the
Duliajan Police Station under various sections of the Information Technology Act and
Section 385 of the Indian Penal Code, which deals with extortion.
CONCLUSION:

The proposed exploratory drilling project has certain level of marginal impacts on
the local environment. However, the proposed project has significant beneficial
impact/effects in terms of providing the employment opportunities and various CSR
practices to be followed by ONGC. Growth and development, in harmony with the
environment, has always been the approach of ONGC. The conclusions of EIA are:

• The proposed project meets the compliance requirements of various environmental

regulations;

• Adoption of environmental friendly Best Management Practices results in minimising

the impacts on environment;

• Community impacts of the project will be beneficial, as the project will generate
significant economic benefits for the region;

• The post drilling, commercial developmental activities of ONGC can reduce the import
burdens of crude oil to the nation; and

• With the effective implementation of the Environment Management Plan (EMP) during
the planning, design, construction and operation phases, the development and production
project can proceed without significant negative impact on the environment.

Conluding that the company and government exchequer have incurred a huge loss due to
the cyber attack since the IT systems have shut down operations. the IT department is yet
to ascertain the extent of the damage the company is seeking help from an internationally
reputed IT security consultant to restore the computers phase-wise. the company’s day-
to-day activities have not been impacted by the cyber attack. The drilling activities are
going on without interruption.
REFERENCE:

https://www.thehindubusinessline.com/companies/oil-india-hires-
agency-to-investigate-april-ransomware-
attack/article65439849.ece#:~:text=State%2Drun%20Oil%20India%20
has,the%20genesis%20of%20the%20attack.

https://www.ndtv.com/india-news/russian-malware-used-for-oil-india-
cyber-attack-in-assam-report-2911203

https://economictimes.indiatimes.com/news/india/oil-india-cyber-attack-
russian-malware-planted-from-nigeria/articleshow/91010072.cms

https://www.business-standard.com/article/companies/oil-india-suffers-
cyber-attack-receives-rs-57-crore-ransom-demand-
122041301002_1.html