Hackers who demanded about $5 million (about Rs 3 crore) in bitcoin from Mexico's Pemex told Reuters on Tuesday that the state oil firm had missed out on a special discount by not paying immediately after the cyber attack that affected the company's systems. The hack, which Pemex said it detected on Sunday, forced the company to shut down computers across Mexico, freezing systems such as payments, according to five employees and internal emails.
Hackers have targeted companies with malicious programs that can cripple the systems overseeing everything from supply chains to manufacturing, removing them only after receiving substantial payments.
The ransom note that appeared on Pemex computers, seen by Reuters, pointed to a darknet website associated with "DoppelPaymer", a type of ransomware.
The website demanded 565 bitcoins, or about $5 million at current prices, listed an email address to contact, and gave Pemex a 48-hour deadline.
When Reuters emailed for details, the apparent hackers responded that Pemex had missed a deadline for the "special price", an apparent reference to the discount sometimes offered to ransomware victims who pay quickly. But they said that Pemex still had time to meet the bitcoin demand, pending a new deadline, and would not comment further.
Pemex did not immediately respond to a request for comment about the ransom demand.
The attack is the latest challenge for Pemex, which is struggling with huge debt, years of declining oil production and a drop in its credit rating.
Pemex said its storage and distribution facilities were operating normally and the attack affected less than 5 percent of its computers.
“We avoid rumors and dissolution,” it said in a statement.
A person who works in Pemex's production and exploration division said it was not affected.
There was some confusion as to what form of ransomware was used in the attack. A Pemex official said in an internal email that the company was targeted by "Ryuk", a strain of ransomware that experts say typically targets companies with annual revenues of between $500 million and $1 billion, far below the level of Pemex.
DoppelPaymer is a relatively new breed of ransomware that cybersecurity firm CrowdStrike said was behind the recent attacks on the Chilean Ministry of Agriculture and the city of Edcouch in Texas.
On Tuesday, Pemex was reconnecting unaffected computers to its network using software patches and cleaning up infected computers, said a source who spoke on condition of anonymity.
The company had to communicate with employees via mobile messaging service WhatsApp because employees could not open their email, said another source, who was not authorized to talk to reporters.
“In finance, all computers are off, eventually there may be problems with payment,” the person said.
Companies held to ransom digitally can suffer catastrophic damage, whether they pay the ransom or not.
Norwegian aluminum manufacturer Norsk Hydro was hit by ransomware in March, which spread to 160 sites, eventually forcing parts of the industrial giant to operate with pen and paper.
The company refused to pay the ransom. But it said the attack led to up to $71 million in cleanup costs, of which only $3.6 million had been paid by insurance so far.