This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Cyber-attack on Mexico's Pemex halts work, threatens computer networks

12 November 2019

An attempted ransomware attack on November 10 hit computer servers and halted administrative work at state-owned Mexican oil company Pemex, Reuters said, citing employees and internal emails.

Image: Shutterstock
Image: Shutterstock

An internal email seen by Reuters said Pemex was targeted by RYUK, a strain of ransomware that experts say typically targets companies with annual revenue between $500 million and $1 billion.

A company official confirmed the company was taking measures to fight RYUK, which was affecting various Pemex servers in the country.

The company originally said its computer centre in the state of Mexico had detected an attack by ransomware that could “block a computer screen or encode important, predetermined files with a password.”

Pemex told employees to disconnect from its network and back up critical information from hard drives, while some staff could not access a range of computer systems, such as those dealing with payments, media sources reported.

A Pemex statement late on November 11 said that the attempted cyber-attacks the day before were neutralised in a timely matter and affected less than 5% of its computers, although internal sources at the company said some systems were still off limits and others were running slowly because of  added anti-virus measures.

According to US cybersecurity consultancy CrowdStrike, which has investigated a number of previous large-scale cyber attacks on companies and organisations - including those on the Democrat Party during the last presidential elections in 2016, the threat actors behind RYUK are operating out of Russia.

Update: On November 13, Reuters reported that it had contacted the hackers behind the attack on Pemex, using darknet website details left on the Mexican company’s computers after the November 10 ransomware demands.

The hackers told the news agency's journalists they were demanding some $5 million in bitcoin from Pemex, but added the state oil company had missed a special ‘discount’ by not paying immediately after the initial cyberattack.

Despite claiming less than 5% of its computers had been affected by the cyberattack, some Pemex divisions, including the finance department, seem to have been seriously affected, according to anonymous inside sources cited by the news agency.

Companies taken hostage digitally can suffer catastrophic damage, whether or not they pay the ransom.

Norwegian aluminium producer Norsk Hydro was hit in March by ransomware that spread to 22,000 computers across 170 different sites in 40 different countries, eventually forcing parts of the industrial giant to operate via pen and paper.

The company refused to pay the ransom. But it said the attack generated up to $71 million in cleanup costs - of which only $3.6 million so far had been paid out by insurance.

More information...

Contact Details and Archive...

Print this page | E-mail this page