Cyber Incident Victim: W&T Offshore
Date: May 2020
Location: United States of America
Summary
Hackers deploying the Nefilim ransomware targeted a Houston-based oil and natural gas producer, compromising over 800 gigabytes of sensitive personnel and financial data. The attackers leaked a portion of the stolen files on the dark web and threatened further releases to extort the company, marking a significant breach involving critical operational information. This incident highlighted evolving cybercriminal tactics leveraging stolen data for financial gain during global disruptions.
Description
In May 2020, hackers using the Nefilim ransomware publicly claimed to have compromised W&T Offshore Inc., a Houston-based oil and natural gas producer. The attackers asserted they had exfiltrated over 800 gigabytes of sensitive company data, including personnel records and financial documents. They published a portion of the stolen files on dark web platforms as proof of the breach and issued threats to release additional data unless their demands were met. Cybersecurity firm Cyble Inc. identified and reported on the incident, noting the attackers utilized their dedicated leak website to announce the compromise and stage the data release. The leak occurred amid a broader surge in ransomware attacks targeting critical infrastructure sectors during the COVID-19 pandemic.

The breach exposed substantial volumes of confidential corporate and employee information, though the exact operational impact on W&T Offshore’s drilling or production systems remained unspecified in available reports. No public statements from W&T Offshore regarding incident response actions, ransom negotiations, or system recovery timelines were documented at the time of initial disclosures. The incident exemplified ransomware actors’ evolving tactics of combining data encryption with extortion through selective leaks, particularly against energy sector targets. Cybersecurity analysts observed that Nefilim operators followed patterns seen in earlier attacks by prioritizing data theft alongside system disruption to pressure victims. The publication of stolen files created secondary risks of identity theft and financial fraud affecting W&T Offshore employees and business partners.
