Mexico’s state-run Pemex has no intention of paying the ransom that cyber attackers have requested, Mexico’s Energy Minister and Pemex board chairman Rocio Nahle said on Wednesday, according to Reuters.
Cyber attackers targeted Pemex’s administrative headquarters in Mexico City, without disruption to it’s the oil company’s plants and wells. Nevertheless, the incident highlights the growing importance of cybersecurity in the oil and gas industry and all its critical infrastructure across the globe.
The demanded ransom was $5 million, to be paid in bitcoin.
Sources who spoke to Bloomberg suggested that Pemex’s ability to pay personnel and suppliers could be hindered if the issues that slowed computer systems weren’t resolved by today.
The cyber attack was thought to use DoppelPaymer malware, according to cybersecurity firm Crowdstrike Inc. According to Pemex internal documents seen by Reuters, however the malware involved is RYUK.
While the threat appears minimal with the nuts and bolts of its oil and gas operations flowing smoothly, billing and payment disruptions for the heavily indebted oil company could be particularly painful.
The DoppelPaymer malware is designed to hold financial abilities hostage until the ransom is paid—but today’s refusal from Pemex to do just that may mean Pemex will need to restore computer systems from backups. The cyber attackers vowed to release Pemex’s “private sensitive data” if they did not get paid.
The official word from Pemex is that fewer than 5% of its computers were affected, but some employees have suggested that the figure if far more.
The most recent cyber attack, aside from this one on Pemex, happened as recently as two weeks ago, when North Korean hackers targeted a nuclear plant in India.