Pemex grazed by ransomware bullet, but won’t pay

Rene Holt

This past Monday, one of Mexico’s leading oil refiners, Petróleos Mexicanos, commonly known as Pemex, tweeted that its internal network had braced itself against a cyberattack the day before, which affected less than 5% of personal computers. Pemex confirms that systems are operating normally and that the fuel supply chain is still guaranteed.

Some security researchers suggest that the victim computers are compromised with a form of ransomware called DoppelPaymer. However, the Energy Minister, Rocío Nahle, commented that Pemex won’t be giving in to the attacker’s demands.

According to ESET Security Researcher Miguel Ángel Mendoza, this appears to be a targeted attack that should put other companies on the alert, especially in the wake of recent ransomware attacks on Everis, an MSSP, and Cadena SER, a radio network, both located in Spain.

In addition, more than 440,000 customers of SmarterASP.NET were also hit by ransomware this past weekend. This followed a public disclosure the week before by The Brooklyn Hospital Center in New York, which admitted that, back in July, malware had managed to encrypt certain systems on hospital servers and render certain patient data unrecoverable.

Considering the disruption to business continuity that this spate of ransomware attacks has certainly caused, businesses would do well to review their defenses against ransomware:

  1. Use a robust endpoint security solution like ESET Endpoint Security, which has a ransomware shield specifically designed to detect and block behavior that looks like ransomware.

  2. Given that ransomware is often delivered as a second or third payload via a spearphishing email, make sure to protect your email servers with a strong security solution like ESET Mail Security for Microsoft Exchange. This has the advantage that your employees never need to see malicious emails that your security solution can block at the network level.

  3. For added protection against advanced persistent threats (APTs) and zero-day threats, you can further bolster your corporate network defenses by layering ESET Dynamic Threat Defense (EDTD) onto your email security solution. EDTD scans all emails coming into your network in a sandbox, which means the malware is detonated there before it can detonate in your network.

  4. In the case of a ransomware breach, try to avoid paying the ransom, since there is no guarantee that you will receive the decryption keys, nor that they will work, if given.

  5. Educate your employees to be security-conscious about which links they click on or websites they visit.