Halliburton RansomHub attack (2024)
RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.
- Victim
- Halliburton
- Loss
- $35.0M
In late August 2024, Halliburton β one of the world's largest oil-services companies β disclosed a cyberattack on its IT environment that disrupted invoicing, purchase orders, and other day-to-day business processes. The intrusion was linked to RansomHub, the same Ransomware-as-a-Service operation that had also extracted a ransom from Change Healthcare earlier in the year.
What happened
On 21 August 2024, Halliburton became aware that an unauthorized third party had gained access to certain of its systems. The company activated its cybersecurity incident-response plan, engaged external advisors, and notified law enforcement. As a containment measure, Halliburton proactively took selected systems offline β a defensive choice that itself caused operational disruption.
The downstream effects included delays generating invoices and purchase orders and interruptions to Halliburton's ability to conduct ordinary business. The company disclosed the breach in an SEC filing on 23 August 2024.
Halliburton did not publicly name the perpetrator, but security researchers quickly identified the operation as RansomHub β the high-volume RaaS that had been linked to the Change Healthcare extortion earlier in 2024.
Impact
- Approximately $35 million of impact reported in Halliburton's September 30, 2024 10-Q.
- $0.02 per share hit to adjusted earnings from lost or delayed revenue.
- Operational disruption to invoicing, purchasing, and business workflows.
- No safety-critical control systems publicly reported affected.
Why it matters
Halliburton is one of the largest documented public-company cyber incidents in the U.S. energy services sector. The case demonstrates a now-standard playbook: an upstream RaaS hits the corporate IT estate of a critical-infrastructure adjacent operator, the operator goes defensive by yanking selected systems offline, and the cost shows up not as a ransom in the 10-Q but as $35 million of "lost or delayed revenue" β a category that auditors are now increasingly probing.
Financial impact
Reported costs in USD
- Business loss$35.0M
Timeline
Halliburton detects unauthorized third-party access to certain of its systems; activates incident-response plan and takes selected systems offline as a precaution.
Halliburton publicly acknowledges the IT-infrastructure breach in regulatory filings.
Cybersecurity researchers attribute the attack to RansomHub, the same operation behind the Change Healthcare extortion campaign earlier in 2024.
Halliburton 10-Q discloses approximately $35M of impact: lost or delayed revenue from the August cyber event, with a $0.02 per-share hit to adjusted earnings.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/
- sec.govhttps://www.sec.gov/Archives/edgar/data/0000045012/000004501224000052/hal-20240830.htm
- cpomagazine.comhttps://www.cpomagazine.com/cyber-security/oil-giant-halliburton-lost-35-million-due-to-the-august-2024-ransomhub-ransomware-data-breach/
- grcreport.comhttps://www.grcreport.com/post/halliburtons-35-million-loss-the-aftermath-of-the-august-2024-ransomhub-ransomware-attack