Ecopetrol says cyberattack led to data theft, extortion demands
Ecopetrol, Colombia’s largest oil company and a key contributor to the country’s tax revenue, has confirmed that it was targeted in a cyberattack that led to data theft and subsequent extortion demands. The company revealed that a digital analysis conducted in May identified 29 potential violations of internal cybersecurity protocols, which may have resulted in the unauthorized exfiltration of confidential information. The breach was attributed to a cyberattack that compromised the company’s corporate IT infrastructure, though SCADA and telecommunications remained unaffected.
The stolen data reportedly includes internal documents, financial records, and personal information of employees and clients. The attackers, believed to be part of a ransomware group, have issued demands for payment to prevent the public disclosure of the data. The company has not disclosed the exact nature of the attack or the amount of the ransom requested but has confirmed that it has filed a criminal complaint with the Directorate for Investigation of Organized Crime and Terrorism (DIICOT).
Ecopetrol has stated that it is working closely with national cybersecurity authorities to investigate the incident and restore affected systems. The company emphasized that its core operations—specifically, the transportation of oil and gasoline through its National Oil Transport System—have not been disrupted. However, the incident has raised concerns about the vulnerability of critical infrastructure to cyber threats, particularly in the energy sector.
The attack on Ecopetrol is part of a broader trend of increasing ransomware and cyber extortion incidents targeting industrial and energy companies. In recent months, ransomware groups such as Qilin and Rhysida have been linked to similar attacks on firms in Europe and Asia, often leveraging double extortion tactics that combine data encryption with threats of public disclosure. Analysts note that such attacks are becoming more sophisticated and are carried out by criminal groups or state-aligned actors seeking to exploit vulnerabilities in corporate IT systems.
Ecopetrol’s situation highlights the growing risks associated with cyber threats to large enterprises, particularly those operating in politically sensitive sectors. The company has faced additional scrutiny in recent months due to allegations of contract irregularities and governance issues, further complicating its response to the cyberattack. Despite these challenges, Ecopetrol has maintained that its ability to fulfill contractual obligations remains intact and that the company is taking all necessary steps to mitigate the impact of the breach.
