Ransomware attack at Mexican oil firm halts work

Ransomware attack at Mexican oil firm halts work

Ransomware

A ransomware attack hit computer servers and halted administrative work on Monday at Mexican state oil firm Pemex, according to employees and internal emails, in hackers' latest bid to wring ransom from a major company.

Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to payments to manufacturing, removing them only after receiving substantial payments.

An internal email seen by Reuters said Pemex was targeted by "Ryuk," a strain of ransomware that experts say typically targets companies with annual revenue between $500 million and $1 billion.

"We are taking measures at the national level to fight RYUK ransomware, which is affecting various Pemex servers in the country," a company official said in an email on Sunday.

The attack is the latest challenge for embattled Pemex, already struggling to pay down massive debt, reverse years of declining oil production and fend off potential downgrades of its credit ratings.

Pemex said in a statement late on Monday that attempted cyber attacks the day before were "neutralized" in a timely matter and affected less than 5% of its computers.

Operations were normal, and oil production and storage were unaffected, Pemex added, noting that it often received cyber attacks and threats but none had yet been successful.

The company had said on Sunday its computer center in the state of Mexico had detected an attack by ransomware that could "block a computer screen or encode important, predetermined files with a password."

Pemex added it hoped for a solution in 48 hours and warned users nationwide to not turn on their computers.
In a separate internal e-mail also seen by Reuters, Pemex told employees to disconnect from its network and back up critical information from hard drives.

Three Pemex employees said work ground to a halt on Monday because staff could not access a range of computer systems, such as those dealing with payments.

"The servers crashed. People aren't working," said one, who asked not to be identified as he was not authorized to speak to the media.

Source: Reuters 12 November, Mexico City

Reporting: Adriana Barrera & Ana Isabel Martinez

Copyright Lyonsdown Limited 2021

Top Articles

It’s time to upgrade the supply chain attack rule book

How can infosec professionals critically reassess how they detect and quickly prevent inevitable supply chain attacks?

Driving eCommerce growth across Africa

Fraud prevention company Forter has partnered with payments technology provider Flutterwave to drive eCommerce growth across Africa and beyond.

Over 500,000 Huawei phones found infected with Joker malware

The Joker malware infiltrated over 500,000 Huawei phones via ten apps using which the malware communicates with a command and control server.

Related Articles