Ransomware Attack on Odfjell Drilling by Meow Ransomware Group

Overview of Odfjell Drilling

Odfjell Drilling AS, headquartered in Bergen, Norway, is a prominent offshore drilling contractor with a global presence. Founded in 1973, the company operates a fleet of advanced drilling rigs, including semi-submersibles and jack-up rigs. Odfjell Drilling provides a range of services, including offshore drilling, well services, engineering, project management, and decommissioning. The company employs approximately 1,200 personnel and reported a revenue of around $400 million for the fiscal year 2022. Known for its commitment to safety, environmental sustainability, and technological innovation, Odfjell Drilling has secured long-term contracts with major oil companies, enhancing its market presence.

Details of the Ransomware Attack

On July 16, 2024, Odfjell Drilling fell victim to a ransomware attack orchestrated by the Meow Ransomware group. The attack targeted the company's digital infrastructure, potentially compromising sensitive data and disrupting operations. The ransomware group claimed responsibility for the attack via their dark web leak site, where they often list victims who have not paid the ransom. The attack has posed significant challenges for Odfjell Drilling, which is now focused on mitigating the impact and restoring its systems to full functionality.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and resurfaced in 2024 with increased activity. The group is associated with the Conti v2 ransomware variant and primarily targets industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group leaves behind a ransom note named "readme.txt," instructing victims to contact them via email or Telegram to negotiate the ransom payment.

Potential Vulnerabilities and Penetration Methods

Odfjell Drilling's extensive digital infrastructure and global operations make it a lucrative target for ransomware groups like Meow. The company's reliance on advanced technology and digital systems for its drilling and engineering services could have exposed vulnerabilities that the ransomware group exploited. Potential penetration methods include phishing emails targeting employees, exploiting RDP vulnerabilities, and using malvertising to deliver the ransomware payload. The attack underscores the importance of robust cybersecurity measures to protect against sophisticated threat actors.

Sources

• Odfjell Drilling - Emergency Response
• Equinor Signs Odfjell Rig for Long-Term North Sea Operations
• SOCRadar - Dark Web Profile: Meow Ransomware
• SalvageData - Meow Ransomware
• WatchGuard - Meow Ransomware