Context:
Hackers demanded about $5 million (roughly Rs.36 crores) in Bitcoin from Mexico’s Pemex in a cyberattack. The hack detected on Sunday (November 10) by Premex, and the company was forced to shut down its computers across Mexico. Premex encountered with a darknet affiliated with ‘DoppelPaymer’ (a type of ransomware).
Ransomware Attack:
DoppelPaymer is also said to be behind recent attacks on Chile’s Agriculture Ministry and the town of Edcouch in Texas. The website demanded 565 Bitcoins, or nearly $5 million at current prices, and threatened Pemex with a 48-hour deadline, listing an email address to contact. The attack is known to be the latest challenge for Pemex, which is battling to pay down massive debts and declining oil production to avoid downgrades to its credit ratings.
According to an official of a trusted company, it was not sure exactly which form of ransomware was used in the attack. The storage and distribution facilities were operating normally and that the attack had affected less than 5 percent of its computers.
The company had to communicate with employees via mobile messaging service because employees could open their emails. Many organizations and governments have been victimized to ransomware attacks in recent times. Companies taken hostage digitally can suffer catastrophic damage, whether or not they pay the ransom.
DopplePaymer has first targeted victims in June 2019. The earlier builds are missing many of the new features found in later variants, making it unclear if they deployed to victims or if they simply built it for testing. The ransom note used by DoppelPaymer is similar to those used by the original BitPaymer in 2018. The note doesn’t include the ransom amount, but it does contain a URL for a TOR-based payment portal, and instead of using the keyword KEY to identify the encrypted key, the note uses the keyword DATA.
Impact:
The attack forced the oil company to shut off computers across Mexico, and one of the systems affected was payments. The hackers left a message that pointed to a site on the dark web that demanded a Bitcoin ransom of 565 bitcoins, which is roughly worth $5 million and a payment deadline of 48 hours.
A ransom ‘note’ on the infected computers directed the company to a website on the dark web connected with the ‘DoppelPaymer’ malware.
According to the oil company, only 5% of their computers were compromised, and the system has been completely wiped out. The company specified that oil production was not impacted by the ransomware attack. Premex has not paid the hackers their demand of $5 million, but the company specified that the attack is costing them $71 million to clean up computer systems.
Some victims choose to pay the ransom while some don’t. The sad reality is that ransomware attacks are going to continue now and even in the future victimizing numerous systems from anywhere in the world. This was all about the recent ransomware attack. If you are interested in knowing more about day-to-day cyber attacks, head to the blog section for more information. A must-read – How to Detect Phishing Websites? Typically, a victim receives a message that appears to have been sent by a known contact or organization. The message contains malicious software targeting the user’s computer or has links to direct victims to malicious websites in order to trick you into divulging personal and financial information, such as passwords, account IDs, or credit card details. To know more, visit here!
Stay Updated. Stay Protected!
