Mexican state-owned oil firm Pemex has been hit by a ransomware attack that halted critical operations, prompting the company to disconnect its network from the internet and back up critical information from hard drives.
According to multiple reports from Reuters and Bloomberg, Pemex (short for “Petróleos Mexicanos”) servers were infected by Ryuk, a ransomware strain that’s typically distributed via email phishing campaigns or botnets like Emotet.
“We are taking measures at the national level to fight Ryuk ransomware, which is affecting various Pemex servers in the country,” Pemex told Reuters.
Ryuk — believed to be operated by cybercrime group Grim Spider — primarly targets large organizations, and has been involved in a number of high-profile ransomware cases just this year, including those in Riviera Beach and Lake City, leading city officials to pay up a collective ransom of $1.06 million to restore access.
In a statement on Monday night, the state oil company said the attempted cyberattacks were neutralized quickly and affected less than 5 percent of its computers.
📌Pemex opera con normalidad. pic.twitter.com/IF7kf6VIEk
— Petróleos Mexicanos (@Pemex) November 12, 2019
We’ve reached out Pemex for more specifics, and we’ll update the story accordingly if we hear back.
The development comes as criminals have been increasingly targeting businesses, especially those part of supply chains, to cripple systems with ransomware in an attempt to extort money from victims.
If anything, the ever-evolving sophistication of cyberattacks underscores the need for preparedness and practicing good security hygiene. Watching out for phishing emails, hardening the IT infrastructure, removing administrator rights, and adding multi-factor authentication can go a long way towards improving security.
Update on Nov. 13 9:00 AM IST: While initial reports suggested Pemex was affected by the Ryuk Ransomware, a report by Bleeping Computer states that it was a case of DoppelPaymer infection, a variant of BitPaymer ransomware. It also reported that the DoppelPaymer group demanded a ransom of 565 bitcoins, or $4.9 million.