Pemex administration on manual after cyber attack
A ransomware attack that hit Mexico's Petroleos Mexicanos is disrupting the company's billing systems.
Company is being forced to rely on manual billing amid attack
Pemex employees still don't have access to emails and internet
By Amy Stillman and Alyza Sebenius / Bloomberg
Petroleumworld 11 13 2019
A ransomware attack that hit Mexico's Petroleos Mexicanos is disrupting the company's billing systems, according to people familiar with the situation.
Pemex is relying on manual billing that could affect payment of personnel and suppliers and hinder supply chain operations, the people said, asking not to be identified because they aren't authorized to speak to the press.
Invoices for fuel to be delivered from Pemex's storage terminals to gasoline stations were being done manually on Tuesday. At the company's refining arm, some employees couldn't access emails or the internet on Tuesday and computers were operating more slowly. If the situation isn't resolved by Wednesday, it could affect Pemex's ability to pay personnel and some suppliers, one of the people said.
Pemex said in a Twitter post Tuesday that fuel storage terminals were operating regularly, and gasoline supply was “guaranteed.” That followed a statement on its website late Monday that operations were normal, after it was subjected to cyber attacks Nov. 10 that affected less than 5% of personal computing devices. There are indications that the malware deployed against Pemex may be DoppelPaymer, according to cybersecurity firm Crowdstrike Inc.
Pemex's ransomware attack -- in which systems are frozen by hackers until a ransom is paid -- is the latest cyber incursion to hit the commodities industry. Payment problems could disrupt a supply chain that stretches across fuel retailers, global trading companies, oil industry servicers and trucking firms.
Earlier this year, Norsk Hydro ASA was hit, following previous attacks on companies from zinc smelter Nyrstar NV to oil giants Saudi Aramco and Rosneft PJSC, shipping company AP Moller-Maersk A/S and agriculture trader Archer-Daniels-Midland Co.
The blow comes as Pemex seeks to reduce its debt, now the highest of any oil company, and reverse 14 years of production declines. Pemex's efforts to balance its books at times conflict with the need to finance the nation's budget, which relies on the company for nearly a fifth of its revenue. A fresh downgrade of its bonds looms as the company has failed to deliver a viable strategy to reverse output declines and replenish reserves.
In Villahermosa, Tabasco, employees involved in well-drilling services were told Tuesday they could start their computers, but not log on to the network, another person said. Telephone lines aren't working, and there's no access to the company network, corporate emails or Skype.
Staff payments may have to be done by telephone, said another person. In Pemex's finance department, external emails weren't coming through, affecting daily payments, people said.
Disruptive technologies have been a double-edged sword in the global oil industry. As oil companies seek to improve efficiency and worker safety by increasingly digitizing their operations, they face unprecedented security risks through ever-more sophisticated cyber attacks.
An internal message Monday indicated that the systems were infected by the Ryuk malware, according to a person familiar.
However, Crowdstrike Inc. has some indication that the malware may be DoppelPaymer, a form of ransomware that the firm first saw deployed in June attacks, according to Adam Meyers, the company's Vice President of Intelligence.
DoppelPaymer attacks are typically executed against “high value targets” -- such as a health care organization, school district, or printing press -- and executed at a time when they “need to be up and running” and may therefore feel compelled to pay a ransom, which is typically valued in the hundreds of thousands or millions of dollars range, Meyers said.
Meyers found a sample of DoppelPaymer on a malware-sharing repository that contained an embedded payment portal requesting 565 Bitcoin, which is roughly equivalent to $4.8 million. The payment portal was addressed to Pemex, which led Meyers to make the connection between DoppelPaymer and the recent attack.
DoppelPaymer attacks tend to be “financially criminal in nature,” according to Meyers. The hackers responsible typically move laterally, deploying ransomware across victim organizations so that they are “out of business” until they pay the ransom or else take the expensive step of restoring data from backups.
Story by Amy Stillman and Alyza Sebenius from Bloomberg.
bloomberg.com / 11 12 2019
Copyright© 1999-2019 Petroleumworld or respective author or news agency. All rights reserved.