Ransomware Brings Mexico Petrol Company to a Standstill - Binary Defense

Threat Watch

Early Monday morning, Pemex, Mexico’s state petroleum company, was hit with ransomware, bringing several critical systems to a halt. While early news reports attributed the attack to Ryuk, analysis of the binaries by several researchers, including Vitali Kremez, established that it was carried out with DoppelPaymer, a lookalike of BitPaymer. The actors behind the attack are demanding a ransom of $5 million at the end of November.

ANALYST NOTES

Because DoppelPaymer is typically delivered through email-borne malware such as Dridex, practicing safe internet habits, such as not running macros from untrusted sources, is a good way to stay safe from this ransomware. Additionally, performing frequent backups that are stored in a location isolated from the rest of the network (such as offline physical backups) allows files to be recovered without paying a ransom.

Sources: https://www.virustotal.com/gui/file/f77b3069cc28b8c4edbfff935dc83ee701821e529a509da7f157b5de52b39863/details
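The macro advice above can be enforced before a document ever reaches a user. The following is an added illustration, not Binary Defense's code: a mail-gateway style check that inspects an Office attachment for an embedded VBA project and computes its SHA-256 so the hash can be looked up in a threat-intelligence service such as VirusTotal. It assumes the attachment is an OOXML (zip-based) file, in which a macro project is stored as a part named vbaProject.bin; legacy OLE formats (.doc, .xls) would need a separate parser. The sample documents are constructed in memory so the script runs offline.

```python
"""Flag Office attachments carrying VBA macros (added example, not the article's code).

Assumptions: attachments arrive as raw bytes; OOXML containers store a macro
project as a zip member ending in 'vbaProject.bin'. Sample files below are
constructed in memory and are not real documents.
"""
import hashlib
import io
import os
import zipfile

# Formats that may legitimately carry macros versus formats that never should.
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
MACRO_FREE_EXTS = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}


def has_vba_project(data: bytes) -> bool:
    """Return True when an OOXML container holds a VBA macro project part."""
    if not data.startswith(b"PK\x03\x04"):
        # Not a zip-based OOXML file; legacy OLE formats need an OLE parser instead.
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def assess_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment and record its SHA-256 for threat-intel lookups."""
    ext = os.path.splitext(filename)[1].lower()
    macros = has_vba_project(data)
    if macros and ext in MACRO_FREE_EXTS:
        # A macro project inside a supposedly macro-free format is a strong signal.
        verdict = "block"
    elif macros:
        # Macro-enabled format from outside the organisation: hold for review.
        verdict = "quarantine"
    else:
        verdict = "allow"
    return {
        "filename": filename,
        "sha256": hashlib.sha256(data).hexdigest(),
        "has_macros": macros,
        "verdict": verdict,
    }


def build_sample_docx(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-like container (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a real VBA storage.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA storage")
    return buf.getvalue()


if __name__ == "__main__":
    for name, payload in [
        ("invoice.docx", build_sample_docx(with_macros=True)),
        ("report.docm", build_sample_docx(with_macros=True)),
        ("memo.docx", build_sample_docx(with_macros=False)),
    ]:
        print(assess_attachment(name, payload))
```

The verdict for a macro-free extension that nonetheless contains a VBA project is "block" rather than "quarantine", because the mismatch between the advertised format and the content is itself a sign of tampering; the SHA-256 in the result is what an analyst would paste into the VirusTotal lookup the source above links to.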
