Ransomware In Mexico's Pemex Oil Company, Halted Critical Operations And Work


The cryptocurrency market has been fluctuating, but that doesn't make people less eager in using digital coins for transaction. Most notably, scammers.

Petróleos Mexicanos, which translates to Mexican Petroleum, but is trademarked and better known as Pemex, is the Mexican state-owned petroleum company. And it has been hit by a ransomware attack that halted its critical operations.

As a result, it was forced to disconnect all of its computers across Mexico, freezing systems such as payments, according to five employees and internal emails. That in order to back up any critical information from hard drives, without the hackers' intervention.

The company had to communicate with employees via mobile messaging service WhatsApp because employees could not open their emails.

"In finances, all the computers are off, there could eventually be problems with payments," one employee said.

According to multiple reports from Reuters and Bloomberg, Pemex servers were infected by Ryuk Ransomware. This malware is said to be operated by cybercrime group Grim Spider, that primarly targets large organizations, and has been involved in a number of high-profile ransomware cases.

“We are taking measures at the national level to fight Ryuk ransomware, which is affecting various Pemex servers in the country,” Pemex said.

Pemex ransomware demand
The hackers demanded 565 Bitcoins in ransom. (Credit: Bleeping Computer)

However, according to a following report by Bleeping Computer stated that the cause of the attack was of DoppelPaymer infection, a variant of BitPaymer ransomware.

This was seen on the ransom note that appeared on Pemex computers, which pointed to a dark web website affiliated with DoppelPaymer.

It was then reported that the DoppelPaymer group demanded a ransom of 565 Bitcoins, or about $5 million.

According to the hackers, after Reuters contacted them, Pemex had missed a deadline for a "special price," an apparent reference to the discounts sometimes offered to ransomware victims for early payment. But the hackers said that Pemex still had time to pay without commenting any further.

Hackers have increasingly target companies with malicious programs that can cripple systems. And fortunately for Pemex, the state oil company said the attempted cyberattacks were neutralized quickly and affected less than 5% of its computers.

The statement was delivered on November 11th, a day after the attack.

Hackers have long target companies and take their digital data as hostages. As a result, many suffered catastrophic damage, whether or not they pay ransom.

In one instance, a Norwegian aluminum producer called Norsk Hydro was hit by a ransomware attack in March. The incident forced parts of the industrial giant to operate via pen and paper. The company refused to pay the ransom, and suffered up to $71 million in cleanup costs.

While there are people who are willing to pay for ransom, the number isn't many. Most people won't fell for such scam, and would rather solve the problem on their own rather than fall to the hackers' bidding.

As for Pemex, the attack is just another problem added to its sufferings.

Previously, the state oil company is already battling to pay down heavy debts, reverse years of declining oil production and avoid downgrades to its credit ratings.

After the ransomware attack has been neutralized, Pemex said that its storage and distribution facilities were already operating normally.

"Let's avoid rumors and disinformation," Pemex's spokesperson said in a statement.