<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Mexican state-owned petroleum firm Pemex crippled by ransomware

down-arrow

Mexican state-owned petroleum company Petróleos Mexicanos, known as Pemex, has been targeted in a ransomware attack whose perpetrators are demanding a ransom of 565 bitcoin, worth $4.93 million.

The attack, which forced the company to shut down much of its computer network including payment systems, struck on Sunday. According to Reuters, the Ryuk ransomware was used in the attack.

Ryuk, initially linked to North Korea in 2017 but more recently tied to a Russian criminal syndicate, is a popular form of ransomware. It has been used in high-profile attacks such as attacks on Florida cities in June and a North Carolina water utility in October 2018.

The infection path used in the Pemex attack is currently unknown, but past attacks have been multivector — that is, including the installation of other types of malware before Ryuk. DoppelPaymer, a different form of ransomware, has also been mentioned as possibly being involved in the attack.

Mexican Energy Minister Rocio Nahle said today that Pemex will not pay the ransom. Although some Pemex system have been restored, employees are still reported to be locked out of their computers and were being told not to log on to the company’s Wi-Fi network, presumably to stop any further spread of Ryuk. The company is also said to have been forced to resort to manual billing, including handwritten invoices.

Peter Goldstein, chief technology officer and co-founder of business email compromise firm Valimail Inc., told SiliconANGLE that the attack probably isn’t an isolated one.

“In September 2019, Valimail observed evidence of an email-based ‘spear phishing’ campaign impersonating a subset of major Middle Eastern oil producers,” Goldstein said. “Because spear phishing is the vehicle for about 90% of cyberattacks and is the preferred vector used by the Ryuk ransomware that hit Pemex, this strongly suggests that oil producers worldwide are being targeted.”

To stop these cyberattacks, he added, companies need to prevent the phishing emails from getting to employees’ inboxes in the first place. That can be done by validating and authenticating sender identity.

George Wrenn, founder and chief executive officer of cybersecurity firm CyberSaint Security Inc., noted that too often businesses embrace new technologies to improve efficiency without considering the cybersecurity risks. “Organizations that deliver critical commodities must be especially cautious as the failure of these supply chains could bring not just their business, but their respective country or potentially the global economy, to a halt,” he said.

Originally seen on Silicon Angle - read the original post here

You may also like

Booz Allen Hamilton and CyberSaint ...
on September 7, 2022

MCLEAN, Va. & BOSTON--(BUSINESS WIRE)--Booz Allen Hamilton (NYSE: BAH) and CyberSaint today announced a strategic partnership that aligns Booz Allen’s world-class ...

CyberSaint Continues to Support ...
on July 6, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the addition of CMMC 2.0, allowing customers to adopt the ...

CyberSaint Makes FAIR Model ...
on June 28, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the addition of the FAIR (Factor Analysis of Information ...

CyberSaint Releases CyberStrong ...
on June 21, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the release of CyberStrong version 3.20 today, leading the ...

CRN® Lists CyberSaint in Its 2022 ...
on April 4, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, has been recognized by CRN®, a brand of The Channel Company, in its ...

Award-Winning Cybersecurity ...
on March 17, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, today announced that Nicole Dove, award-winning cybersecurity ...