Pemex, Mexico’s state-run oil company, is the latest victim of a ransomware attack that crippled portions of its country-wide computer network.
The company discovered the attack on Sunday and was forced to shut down computers across Mexico, freezing payment and other systems.
A ransom ‘note’ on the infected computers directed the company to a website on the dark web connected with the “DoppelPaymer” malware.
The website demanded a ransom of 565 bitcoins – worth roughly US$5 million [AU$7.3 million] – to be paid within 48 hours of the attack.
According to Reuters, which saw the ransom demand and corresponded with the hackers via the provided email, Pemex had missed the deadline for a special discounted price but still had time to pay the full amount.
There has been no word yet on whether Pemex has paid the ransom.
Pemex downplays impact of cyberattack
The embattled oil company, which has struggled to pay down mounting debt and reverse declining oil production, has downplayed the severity of the attack.
In an official statement posted Monday on Twitter, the company insisted that it was operating normally and strongly encouraged the public to “avoid rumors that damage the image of the company.”
📌Pemex is operating normally. pic.twitter.com/IF7kf6VIEk
— Petróleos Mexicanos (@Pemex) November 12, 2019
According to the translated statement:
“On Sunday, November 10, the state-owned company received attempts at cyberattacks that were timely neutralized, affecting the operation of less than 5% of personal computer equipment.
“Notwithstanding the above, Pemex reiterates that fuel production, supply, and inventories are guaranteed.”
Despite Pemex’s claims to the contrary, the effects of the attack could be more widespread than the company is letting on.
Bloomberg reports that “people familiar with the situation,” speaking on condition of anonymity, have said that the company “is relying on manual billing that could affect payment of personnel and suppliers and hinder supply chain operations.”
As of Tuesday, fuel invoices were reportedly having to be processed manually and some employees were unable to access emails or the internet.
Attacks on commodities industry increasing
The attack on Pemex is just the latest in a growing list of attacks on companies in the commodities industry.
“Too many organizations are unintentionally opening themselves to these attacks on their sensitive data, with exposed pathways in their IT ecosystems that they are unaware of, because they have not fully mapped their attack surface,” said Raphael Reich, Vice President of cybersecurity firm CyCognito.
“They don’t know where they have exposed servers, applications, and other IT assets, and they also don’t know when and where their third party vendors, partners or subsidiaries leave systems, applications and infrastructure exposed. This all creates shadow risk.”
In March of this year, Norsk Hydro ASA, one of the world’s largest producers of aluminum, was hit with a ransomware attack that forced it to shut down several of its plants and switch several others into manual mode.
At the time of the attack, Chief Financial Officer Eivind Kallevik declined to provide details regarding the ransom demand, noting instead that the company’s “main strategy is to use the backup data we have in the system.”
Zinc and lead producer Nyrstar NV suffered a ransomware attack in January, and oil producers Saudi Aramco and Rosneft PJSC have suffered similar attacks.