Some Petroleos Mexicanos employees were told not to access the company’s computer system on Monday after it was unexpectedly shut down over the weekend, according to people familiar with the situation.
A Pemex spokeswoman who asked not to be identified, citing internal policy, said that Pemex systems were operating normally and that an alleged statement from Pemex on Twitter about a cyber attack was fake. The rumor was provoked by a Pemex notice informing staff that the company’s computer security was being strengthened in the face of cyber threats, she said.
In a statement Monday night, the state oil company said it received attempted cyber attacks Nov. 10 that were neutralized quickly and affected less than 5% of personal computing devices. The statement urged the oil community “to avoid rumors that damage the image of the company.”
Pemex’s system was apparently attacked by Ryuk ransomware, malicious software designed to extort money, according to one of the people who spoke to Bloomberg.
Workers at PMI, Pemex’s trading arm, received internal messages advising them not to start their computers or connect to the Wi-Fi on their phones after the system was shut at noon on Sunday, according to emails seen by Bloomberg.
PMI’s system was operating again by Monday afternoon, although all emails from Pemex are being treated with caution and workers were advised not to use some Pemex services such as Pemex Movil, according to one email. Workers were cautioned that the company was running anti-virus programs that could slow down applications.
Pemex didn’t immediately respond to a request confirming the authenticity of the emails.
Disruptive technologies have been a double-edged sword in the global oil industry. As oil companies seek to improve efficiency and worker safety by increasingly digitizing their operations, they face unprecedented security risks through ever-more sophisticated cyber attacks.
© 2019 Bloomberg L.P.