Gulf Petrochemical Services Targeted by Sarcoma Ransomware
Ransomware Attack on Gulf Petrochemical Services & Trading by Sarcoma Group
Gulf Petrochemical Services & Trading LLC (GPS), a prominent Omani enterprise in the hydrocarbon, petrochemical, and energy sectors, has allegedly been targeted by a ransomware attack orchestrated by the Sarcoma group. This incident underscores the escalating cybercrime threat within the energy sector, particularly in the Gulf region.
Company Profile
Founded in 1983, GPS stands as a fully Omani-owned entity, distinguished for its Engineering, Procurement, and Construction (EPC) prowess. The company operates extensively across Oman and the broader Gulf Cooperation Council (GCC) region, focusing on services tailored to the oil and gas industry, alongside water and wastewater management. With an annual revenue nearing $35.5 million and a workforce of approximately 824 employees, GPS holds a significant position in the Omani market. Its dedication to quality and safety is reflected in its ISO certifications and membership in esteemed industry organizations.
Attack Overview
The Sarcoma ransomware group purports to have exfiltrated 498 GB of sensitive data from GPS, encompassing personally identifiable information (PII) and critical contracts. The attackers have imposed a ransom deadline of December 15, exerting pressure on the company to meet their demands. This attack mirrors a previous incident involving Pan Gulf Holding in Saudi Arabia, hinting at a possible pattern of targeting firms in the region, potentially through third-party vulnerabilities.
Sarcoma Ransomware Group
Sarcoma is a relatively new yet aggressive ransomware group that surfaced in October 2024. Known for its double extortion tactics, the group encrypts victims' data and threatens to leak it if the ransom remains unpaid. Sarcoma has been notably active in targeting companies in Australia and New Zealand, with recent activities indicating a shift towards the Gulf region. The group frequently exploits supply chain vulnerabilities to infiltrate larger networks, posing a significant threat to organizations with extensive third-party interactions.
Potential Vulnerabilities
GPS's expansive operations in the energy sector, combined with its dependence on third-party vendors, may have rendered it vulnerable to exploitation by the Sarcoma group. The company's engagement in large-scale projects and its management of sensitive data make it an appealing target for cybercriminals. This attack highlights the critical need for enhanced cybersecurity measures, especially for companies operating within critical infrastructure sectors.