TechCrunch reports that Halliburton has confirmed data access and exfiltration a week after being impacted by a cyberattack by the RansomHub ransomware operation.
Additional investigation is still being conducted to determine the "nature and scope" of the data compromise, said the major U.S. global oil field services firm in a filing with the Securities and Exchange Commission, which also noted ongoing work to restore its public-facing systems, most of which continue to be offline. Such a development comes after the emergence of a ransom note from RansomHub said to be related to the incident although Halliburton has not yet been added to the ransomware gang's leak site. Over 210 organizations have already been compromised by RansomHub since its emergence in February, according to a joint advisory from the Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, Multi-State Information Sharing and Analysis Center, and the FBI.