Recently it was revealed that a Mexican state oil firm was attacked by ransomware named Sodinokibi, also known as REvil. According to a report by McAfee researchers, the main goal of this ransomware is the same as that of others: to encrypt files and then request payment for the decryption key. The hackers demanded around 4.9 million dollars in bitcoin from the firm, with a deadline of 30 Nov.
According to reports, the attack was detected last Sunday and forced the company to shut down computers. Pemex tweeted that the attack had affected less than 5 percent of its computers. However, the company is having difficulties with its billing methods. Pemex did not respond quickly to the ransom demand.
Researchers said that this hacking group has some contact with the DoppelPaymer ransomware, which cybersecurity firm CrowdStrike said was behind recent attacks on Chile’s Agriculture Ministry.
On Wednesday, Pemex employees were told not to log on to the company’s WiFi, as it could also be affected. The company had started wiping infected computers and installing security patches to make its systems more secure. One Pemex official said that the attack started by targeting the company’s internal email and then spread.
The company is having difficulties with its billing system and trouble contacting its employees. It is reaching them via WhatsApp because they could not open their emails.
The company refuses to pay the ransom of 4.9 million dollars to the hackers. It said it would recover its systems instead, which would cost around $71 million in cleanup costs, of which only 3.6 million dollars had been paid out by insurance.