KUALA LUMPUR (Oct 7): A quarter of the top 150 US energy companies are highly susceptible to a ransomware attack, while a massive 77% of them have at least one leaked credential within the last 90 days, according to new research by cybersecurity firm Black Kite.

US-based Black Kite is a cyber risk rating platform.

The research said some 28% of the oil sector is highly susceptible to ransomware attacks.

It said targeted attacks on the oil industry result in massive shortages nationwide from the diversion of gas carrier trucks to consumers hoarding gas through various means.

Black Kite’s research also revealed that 25% of the natural gas sub-sector of the top 150 companies reviewed is highly susceptible to a ransomware attack, as well as 17% of electricity companies in the sample.

Earlier this year, a ransomware attack on the computer network of the Colonial Pipeline, the key fuel pipeline for the US East Coast, forced the pipeline operator to shut it down for five days.

The shutdown of the main pipeline for the Eastern Seaboard resulted in fuel shortages that persisted for more than a week, a run to gas stations and a spike in gasoline prices.

Black Kite said nearly half, or 49%, of the energy sector had a critical vulnerability due to out-of-date systems, while 74% of energy companies had not deployed the necessary configurations (DMARC record) to prevent email spoofing attacks.