Hacker Wants Near $5MM Ransom from Pemex
(Bloomberg) -- The hacker behind a cyberattack that has crippled Petroleos Mexicanos’s computer systems since the weekend is hoping to squeeze almost $5 million out of the company and appears to have set a deadline of Nov. 30.
Pemex has other ideas, saying it won’t pay the ransom and hopes to solve the cyberattack problem today [Nov 13], according to comments made by Mexico energy minister Rocio Nahle on Wednesday.
Those comments were among the latest in an unfolding drama that has pitted the Mexican oil giant against an unknown hacker who uses the name “Joseph Atkins” in an email address -- almost surely a pseudonym. Responding to an email from Bloomberg News, the person declined to comment about Pemex until Nov. 30, the end of a three-week deadline.
The person also said his group’s hacks aren’t limited to the oil sector and suggested they were responsible for a previous cyberattack on Roadrunner Transportation Systems Inc., which is based in Wisconsin and offers truck freight transportation services. “They did not pay and recovered themselves, and left us GB’s of their data,” the person said, in broken English. The person also confirmed that the group was seeking 565 Bitcoins, which is roughly equivalent to $4.8 million.
The email address was obtained from a message to a Pemex employee requesting the ransom money, which was viewed by Bloomberg News. “The faster you get in contact, the lower price you can expect,” it said.
Growing Epidemic
Pemex declined to comment on whether the hackers imposed a deadline. The company said in a statement earlier this week that operations were normal after it was subjected to cyberattacks Nov. 10 that affected less than 5% of personal computing devices.
The cyberattack highlights the growing epidemic of attacks against global companies that turn their own vulnerable IT systems against them – in this case by hijacking data they need to function. While some companies resist, others quietly pay, often on advice of security experts, fueling further attacks.
In this case, the hackers have also struck at a potent symbol of Mexican national pride that has fallen on hard times. Pemex, once a driving force of the country’s economic health, faces almost 15 years of output declines and more than $100 billion of debt, the highest of any oil company. In one recent sign of the oil giant’s vulnerability, Fitch Ratings Inc. in June cut Pemex’s bond rating to junk.
“There has to be some changes if they want to keep the market calm after these attacks,” said Mario Ahumada, a senior analyst of energy and infrastructure for risk consultancy EMPRA in Mexico City.
Locked Out
On Wednesday, some Pemex employees were still locked out of their computers and told not to log on to the company’s Wi-Fi network, according to two people familiar with the situation. Pemex personnel have been busy since Tuesday wiping infected computers and installing software patches, said one of the people.
Pemex is relying on manual billing that could affect payment of personnel and suppliers and hinder supply-chain operations, the people said, asking not to be identified because they aren’t authorized to speak to the press. Invoices for fuel to be delivered from Pemex’s storage terminals to gasoline stations are being written by hand, and Pemex employees fear that if the problem isn’t resolved they won’t get paid on Nov. 27, when their next paycheck is due.
Neither Pemex nor Mexican authorities have identified the type of malware used in the attack. However, there are indications that it may be a strain known as DoppelPaymer, according to cybersecurity firm Crowdstrike Inc. The firm first saw DoppelPaymer deployed in June attacks, according to Adam Meyers, the company’s vice president of intelligence. Crowdstrike had previously connected the Joseph Atkins email to DoppelPaymer attacks.
The cybersecurity company Coveware, Inc. also connected the attack to DoppelPaymer after reviewing the ransom note and the email associated with it, which was posted online, according to Bill Siegel, the chief executive officer and co-founder. He said that the “scope and nature” of the attack is consistent with DoppelPaymer attacks, which typically target large enterprises.
Roadrunner Breach
Roadrunner declined to comment. The company has previously disclosed that its systems were breached in 2018. In a letter addressed to the New Hampshire attorney general, Roadrunner’s lawyer said a hacker had gained access to Workday, the company’s HR management platform, by sending phishing emails to its employees. Workday contained the private information of Roadrunner employees, including their name, address, Social Security number and payroll information. Roadrunner offered free credit monitoring to its employees as a result of the hack.