Mexico’s state-owned petroleum giant Petróleos Mexicanos (Pemex) is insisting all operations are running normally after a suspected ransomware attack, despite reports to the contrary.
The firm claimed that operation and production systems remain unaffected and supply of fuel remains guaranteed. However, it admitted that an attack on Sunday did affect around 5% of its personal computers.
Reports, though, suggest the firm has been harder hit, with Pemex billing systems taken offline, forcing staff to rely on manual processes which means payment of staff and suppliers may be disrupted.
Invoices for fuel sent from Pemex storage facilities to gas stations were being filled in manually while some employees in the petrol giant’s refining business couldn’t access emails or get online on Tuesday, with computers running slowly, sources told Bloomberg.
Although an internal memo reportedly suggested Ryuk as the culprit, security experts have seen leaked ransom notes confirming that the attackers used the DoppelPaymer variant.
A Tor payment site revealed a ransom demand of 565 Bitcoins, (£3.9m, $5m).
The same ransomware is thought to have been used in an attack against Canada’s Nunavut territory earlier this month.
Pemex is the latest in a long line of big-name organizations targeted by ransomware this year. Norwegian aluminium giant Norsk Hydro suffered major outages after being struck in March. The firm later admitted that the attack may have cost it as much as $41m after production was disrupted.
German automation giant Pilz was crippled for over a week by ransomware last month, while US mailing technology company Pitney Bowes and French media conglomerate Groupe M6 admitted suffering attacks.
Over a quarter (28%) of UK firms were hit by ransomware over the previous 12 months, according to research from Databarracks published in July.