Mexico’s state-owned petrol company, Pemex, was hit by a ransomware attack impacting less than 5% of its computers.
In a statement, Pemex said that on November 10 the company had been struck by a cyber attack that fortunately was “neutralized in a timely manner.”
The attack only impacted the functioning of less than 5% of the company’s computer equipment. Pemex added that it is running normally, and the operation and production systems have not been compromised.
Initially, reports emerged claiming that Pemex had been affected by the Ryuk ransomware; however, the Tor payment site and leaked ransom notes have confirmed that it was affected by the DoppelPaymer infection.
Security researcher Pollo shared the ransom note with BleepingComputer, which was able to identify the ransomware as DoppelPaymer.
Security researcher Vitali Kremez commented that Pemex could have been targeted by an initial infection of the Emotet Trojan – which would have provided network access to the DoppelPaymer threat actors, thus allowing them to spread the ransomware laterally.
The ransom demand was 565 bitcoins, equating to roughly $4.9 million USD.
Pemex is just one of the large organisations targeted by ransomware this year. In March, Norsk Hydro, the Norwegian aluminum giant, was struck by ransomware, causing major outages.
The post #Privacy: Mexican petrol giant struck by ransomware appeared first on PrivSec Report.