Date: 2019-11-14

Reuters, MEXICO CITY and WASHINGTON

Hackers demanded about US$5 million in bitcoin from Petroleos Mexicanos (Pemex), they told reporters on Tuesday, saying the state oil company missed a special discount by not paying immediately after a cyberattack that fouled up the firm’s systems.

The hack, which Pemex said it detected on Sunday, forced the company to shut down computers across Mexico, freezing systems such as payments, according to five employees and internal e-mails.

Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to manufacturing, removing them only after receiving substantial payments.

A ransom note that appeared on Pemex computers seen by reporters pointed to a darknet Web site affiliated with “DoppelPaymer,” a type of ransomware.

The Web site demanded 565 bitcoins, or nearly US$5 million at current prices, and threatened Pemex with a 48-hour deadline, listing an e-mail address to contact.

When Reuters wrote to the e-mail for details, the apparent hackers replied that Pemex had missed a deadline for a “special price,” an apparent reference to the discounts sometimes offered to ransomware victims for early payment.

However, they said Pemex still had time to meet their bitcoin demand and would not comment further while the new deadline was pending.

Pemex did not immediately respond to a request for comment about the ransom demand.

The attack is the latest challenge for Pemex, which is battling to pay down heavy debts, reverse years of falling oil production and avoid downgrades to its credit ratings.

Pemex said its storage and distribution facilities were operating normally and that the attack had affected less than 5 percent of its computers.

“Let’s avoid rumors and disinformation,” it said in a statement.

A person who works in Pemex’s production and exploration said that division was not affected.

There was some confusion about which form of ransomware was used in the attack.

One Pemex official said in an internal e-mail the company was targeted by “Ryuk,” a strain of ransomware that experts say typically targets companies with annual revenue between US$500 million and US$1 billion — far below Pemex’s levels.

DoppelPaymer is a relatively new breed of ransomware that cybersecurity firm CrowdStrike said was behind recent attacks on Chile’s Ministry of Agriculture and the town of Edcouch, Texas.

On Tuesday, Pemex was reconnecting unaffected computers to its network using software patches and wiping infected computers clean, said one source, who spoke on condition of anonymity.

It had to communicate with employees via mobile messaging service WhatsApp, because employees could not open their e-mails, said another source, who was also not authorized to speak to reporters.

“In finances, all the computers are off, there could eventually be problems with payments,” the person said.