Pemex Refuses to Pay Hackers


Published Nov 13, 2019 7:21 PM by The Maritime Executive

Hackers have demanded about $5 million in bitcoins from Mexico’s state oil company, Pemex.

The hack, which Pemex said it detected on Sunday, forced the company to shut down less than five percent of its computers in Mexico. Reuters reports that the ransom note that appeared on Pemex computers pointed to a darknet website affiliated with DoppelPaymer - a type of ransomware.

Some payment operations have been affected, but Pemex said that fuel output, storage and inventories were operating normally.

In July, CrowdStrike Intelligence identified the ransomware, which it says was behind a series of ransomware campaigns beginning in June, including attacks against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture. “We have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER.” INDRIK SPIDER was formed in 2014 by former affiliates of the GameOver Zeus criminal network who developed their own custom malware known as Dridex, now one of the most prevalent malware families. In August 2017, the group introduced BitPaymer ransomware and began to focus on leveraging access within a victim organization to demand a high ransom payment.

Earlier this year, aluminum producer Norsk Hydro suffered a cyber attack by the ransomware LockerGoga. The company refused to pay the ransom, reports Reuters, and had to pay around $70 million in cleanup costs. So far, only $3.6 million has been paid out by insurance. 

Previous cyber attacks have been made on Nyrstar, Saudi Aramco, Rosneft and Maersk, among others.