(Chron.com, Sergio Chapa, 25.Nov.2019) — American oil companies operating south of the border are stepping up their cybersecurity measures after reports of a ransomware attack that allegedly knocked out computers at Mexico’s state-run oil company Petroleos Mexicanos, or Pemex.
Mexican media outlets have been reporting over the past two weeks that a ransomware attack prompted Pemex to shut down all computers at its Mexico City headquarters as a measure to prevent the computer virus from spreading, which meant that employees had to work with clipboards, pens and paper spreadsheets. Hackers, the media reports state, are allegedly demanding 860 bitcoins, worth around $6 million, as a ransom to unlock the company’s computers.
Pemex officials did not respond to Houston Chronicle inquiries about the incident but denied that the attacks took place in a pair of tweets issued last week. One stated that the state-run oil company was “operating as normal” while the other denounced forged bulletins circulating on social media.
The reports of a possible attack have nonetheless prompted foreign companies that work with Pemex to beef up their cybersecurity measures. Some companies that work with Pemex are reportedly blocking Pemex emails and not accepting flash drive from the company as measures to prevent infection.
In a statement, the Latin America office for the California oil major Chevron said the company was aware of the reports about Pemex but reported that its operations in Mexico were not affected.
“We are aware of the reports of a cyberattack affecting certain Pemex digital systems,” the company stated. “At this time, Chevron’s consortium activities with Pemex are not impacted. We continue to monitor the situation and will take any necessary actions if required.”
Pemex is considered to be a top supplier of heavy crude oil to U.S. refineries. The state-run company posted a $4.6 billion loss on $18.4 billion of revenue during the third quarter amid sagging exports and falling domestic production of gasoline, diesel and other refined products.
Tony Payan, an expert on Mexico’s energy sector with Rice University’s Baker Institute, called the cyberattack a “black eye” to the administration of Mexican President Andres Manuel Lopez-Obrador, or AMLO, who was sworn into office Dec. 2018 and has since dismantled energy reforms that opened Mexico’s energy market to foreign and private competition in favor of propping up Pemex.
Mexican media has been swirling with rumors and conspiracy theories about the cyberattack, Payan said. One of the theories is that the attacks happened a day after armed law enforcement officers allegedly raided Pemex’s offices and seized computers, meaning that the attacks could be an attempt to conceal corruption. Another theory goes that under its financial austerity measure, the AMLO administration did not pay the licenses for anti-virus software at Pemex, leaving the state-run oil company vulnerable to attack.
Spending the last two weeks fielding calls from Pemex employees and concerned oil companies with operations in Mexico, Payan accused the AMLO administration of lying about the cyberattack. Losses, he said, could not be quantified until the situation has been resolved.
“This is just another exhibit of an administration that’s looking amateurish on so many issues ranging from security to energy,” Payan said. “It’s not just Pemex. It’s the whole administration.”