Mexico Ransomware Attack Freezes Pemex Payment Systems


Sources have revealed that a ransomware attack has frozen the billing systems of Mexico’s Petroleos Mexicanos (Pemex).

The company was hit by cyberattacks on Nov. 10, which affected less than 5 percent of personal computing devices. Although an internal message reportedly said that the company’s systems were infected by the Ryuk malware, Adam Meyers, vice president of intelligence at cybersecurity firm Crowdstrike, believes DoppelPaymer is most likely the culprit, according to published reports. In fact, he discovered a sample of the malware on a repository that had an embedded payment portal addressed to Pemex, with hackers requesting 565 bitcoin (equivalent to around $4.8 million) from the company. Meyers added that DoppelPaymer attacks are usually “financially criminal in nature.”

In addition, DoppelPaymer is often used on “high-value targets” — such as a healthcare organization, school district, or printing press — at crucial times in their operations, making them more likely to give in to a ransom demand, according to Bloomberg. This is an important time for Pemex, which is in the process of trying to reduce its debt, as well as reverse 14 years of production declines.

As a result of the attack, Pemex is reportedly using manual billing, and the slower process could impact the company’s ability to pay both its employees and suppliers, as well as its supply-chain operations, if the issue is not resolved this week. At the company’s refining arm, some employees are without access to email or the internet, while staff in well-drilling services were allowed to start their computers, but are not able to log on to the company network. Telephone lines are also down in some cases.

Despite these issues, Pemex made assurances in a Twitter post on Tuesday (Nov. 12) that fuel storage terminals were operating regularly, and its gasoline supply was “guaranteed.”