Parts of the Petróleos Mexicanos (Pemex) oil company network were taken down after the company suffered a ransomware attack on Sunday. Although the attack was quickly neutralized and had a low quantitative impact on computers within the network, the attackers reportedly demanded a 565 BTC ($4.9 million) ransom, claiming they had gathered classified and sensitive data from the network. An investigation into the attack revealed that DoppelPaymer ransomware was used.
DoppelPaymer is a version of BitPaymer, ransomware that initiates its attack by dropping an infection chain that later installs Emotet and Dridex. BitPaymer was developed by the ransomware developer group TA505, and it is likely that former members of TA505 were responsible for the Pemex attack. Sources claim that Pemex did not reach out to the attackers to negotiate payment.
Read More: Mexican Oil Company Pemex Hit by Ransomware