Hackers demand $5 million from Mexico's Pemex in cyberattack

Published 11/12/2019, 08:32 PM
Updated 11/12/2019, 08:36 PM
By Adriana Barrera and Raphael Satter

MEXICO CITY/WASHINGTON (Reuters) - Hackers demanded about $5 million in bitcoin from Mexico's Pemex, they told Reuters on Tuesday, saying the state oil firm missed a special discount by not paying immediately after a cyberattack that fouled up the company's systems.

The hack, which Pemex said it detected on Sunday, forced the company to shut down computers across Mexico, freezing systems such as payments, according to five employees and internal emails.

Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to manufacturing, removing them only after receiving substantial payments.

A ransom note that appeared on Pemex computers and was seen by Reuters pointed to a darknet website affiliated with "DoppelPaymer," a type of ransomware.

The website demanded 565 bitcoins, or nearly $5 million at current prices, and threatened Pemex with a 48-hour deadline, listing an email address to contact.

When Reuters wrote to the email for details, the apparent hackers replied, saying that Pemex had missed a deadline for a "special price," an apparent reference to the discounts sometimes offered to ransomware victims for early payment. But they said Pemex still had time to meet their bitcoin demand and would not comment further while the new deadline was pending.

Pemex did not immediately respond to a request for comment about the ransom demand.

The attack is the latest challenge for Pemex, which is battling to pay down heavy debts, reverse years of declining oil production and avoid downgrades to its credit ratings.

Pemex said its storage and distribution facilities were operating normally and that the attack had affected less than 5% of its computers.

"Let's avoid rumors and disinformation," it said in a statement.

A person who works in Pemex's production and exploration said that division was not affected.

There was some confusion about which form of ransomware was used in the attack. One Pemex official said in an internal email the company was targeted by "Ryuk," a strain of ransomware that experts say typically targets companies with annual revenue between $500 million and $1 billion - far below Pemex's levels.

DoppelPaymer is a relatively new breed of ransomware that cybersecurity firm CrowdStrike said was behind recent attacks on Chile's Agriculture Ministry and the town of Edcouch in Texas.

On Tuesday, Pemex was reconnecting unaffected computers to its network using software patches and wiping infected computers clean, said one source, who spoke on condition of anonymity.

The company had to communicate with employees via mobile messaging service WhatsApp because employees could not open their emails, said another source, who was also not authorized to speak to reporters.

"In finances, all the computers are off, there could eventually be problems with payments," the person said.

Companies taken hostage digitally can suffer catastrophic damage, whether or not they pay ransom.

Norwegian aluminum producer Norsk Hydro was hit in March by ransomware that spread to 160 sites, eventually forcing parts of the industrial giant to operate via pen and paper.

The company refused to pay the ransom. But it said the attack generated up to $71 million in cleanup costs - of which only $3.6 million so far had been paid out by insurance.
