A ransomware attack hit computer servers and halted administrative work on Monday at Mexican state oil firm Pemex, according to employees and internal emails, in hackers’ latest bid to wring ransom from a major company.
Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to payments to manufacturing, removing them only after receiving substantial payments.
An internal email seen by Reuters said Pemex was targeted by “Ryuk,” a strain of ransomware that experts say typically targets companies with annual revenue between $500 million and $1 billion.
“We are taking measures at the national level to fight RYUK ransomware, which is affecting various Pemex servers in the country,” a company official said in an email on Sunday.
The attack is the latest challenge for embattled Pemex, already struggling to pay down massive debt, reverse years of declining oil production and fend off potential downgrades of its credit ratings.
Pemex said in a statement late on Monday that attempted cyber attacks the day before were “neutralized” in a timely matter and affected less than 5% of its computers.
Operations were normal, and oil production and storage were unaffected, Pemex added, noting that it often received cyber attacks and threats but none had yet been successful.
The company had said on Sunday its computer center in the state of Mexico had detected an attack by ransomware that could “block a computer screen or encode important, predetermined files with a password.”
Pemex added it hoped for a solution in 48 hours and warned users nationwide to not turn on their computers.
In a separate internal e-mail also seen by Reuters, Pemex told employees to disconnect from its network and back up critical information from hard drives.
Three Pemex employees said work ground to a halt on Monday because staff could not access a range of computer systems, such as those dealing with payments.
“The servers crashed. People aren’t working,” said one, who asked not to be identified as he was not authorized to speak to the media. (Reporting by Adriana Barrera; Additional reporting by Ana Isabel Martinez; Writing by Daina Beth Solomon.)