Pemex is required to pay the Bitcoin ransom within two weeks or face a demand that doubles afterward. About 5% of the company's computers have been affected by the DoppelPaymer ransomware. The oil giant's billing systems are the most impacted, which could lead to delays in paying salaries.…
The hackers who hit Mexico’s state oil giant Pemex earlier this week with ransomware are demanding hundreds of Bitcoin in order to provide the decryption software.
According to Bleeping Computer, the ransomware used to target the Fortune 500 firm is DoppelPaymer. So far Pemex believes that under 5% of its computers have been affected by the ransomware. The oil giant’s billing systems have been the most impacted by the cyberattack and the department has now resorted to a manual workaround.
In a tweet, the oil giant has stated that the supply and distribution of petroleum and associated products in the country remain unaffected.
Per the ransom note, the hackers have pegged the price of their decryption at 565 Bitcoin. At the current Bitcoin price, that amounts to $4,928,455. The attackers, however, promised a ‘good discount’ if contacted within 48 hours. But failure to make contact with the hackers within two weeks will see the ransom double to 1130 Bitcoin.
Additionally, the hackers have threatened to disclose the firm’s private sensitive data if Pemex decides not to pay.
According to cybersecurity firm CrowdStrike, the DoppelPaymer ransomware first came to public attention in June. There are, however, earlier builds of the ransomware dating back to April. By July, the cybersecurity firm estimated that three victims of the ransomware had paid about 142 Bitcoin, worth nearly $1.5 million at the prevailing prices at the time.
DoppelPaymer can encrypt a victim's files rapidly owing to its multi-threaded file-encryption mechanism. The ransomware directs victims to a payment site reachable through the anonymous communication browser TOR. DoppelPaymer is considered a fork of the BitPaymer ransomware. It normally targets medium to large organizations such as local governments and big corporations.
Another feature that makes the ransomware particularly dangerous is that it can make recovery from backups impossible: it encrypts or deletes backup data. DoppelPaymer also has the capacity to format backup disks, as the ransom note below from a previous case shows.
This leaves victims with either the option of paying the Bitcoin ransom or taking the expensive route of starting afresh. Per reports, Pemex seems to have chosen the latter path, consequences be damned. Infected computers have been wiped clean, according to a source who spoke to Reuters. Unaffected computers have, on the other hand, received software patches.
This article was edited by Samburaj Das.
Last modified: November 13, 2019 11:08 AM UTC