At first, the ransomware attack on Pemex, Mexico's oil giant, sounded like a relatively minor issue.
More of a close call than anything else.
Pemex ransomware attack: no impact?
Pemex issued a statement saying, "The supply of gasoline is guaranteed," and asked people not to believe the, "wave of rumors and apocryphal communication" about the incident.
Apocryphal communication? The translation on that one may not be exactly right, but we get the point.
A point also driven home by Mexico's Security Minister Alfonso Durazo who downplayed the attack. He told reporters this week that the Pemex ransomware attack is "totally under control" and "without consequences."
Pemex also said it would not be paying any sort of ransom.
So move along to the next cyberattack story, because there's nothing to see here.
Pemex employees reveal ransomware attack is worse than admitted
Well, actually, there may be something to see. In fact, it sounds like there have been some significant impacts for Pemex employees following the ransomware attack.
Reuters reports that the hackers demanded a $4.9 million ransom and that employees are revealing true impacts of the attack:
"In one Pemex office building, entire floors of computers were wiped out," said one worker who spoke on condition of anonymity, adding, “We're still not operating normally."
Another Pemex employee, who was also not authorized to speak to reporters, said networks remained down and some workers had resorted to using old laptops to "half-way work."
And Bloomberg also found employees who disclosed other problems the cyberattack is causing:
A ransomware attack that hit Mexico's Petroleos Mexicanos is disrupting the company's billing systems, according to people familiar with the situation.
Pemex is relying on manual billing that could affect payment of personnel and suppliers and hinder supply chain operations, the people said, asking not to be identified because they aren't authorized to speak to the press.
Pemex: please stop spreading rumors that ransomware attack hurt us
So which side of the story do you believe? Is the Pemex ransomware attack significant and impactful?
Or is the cyberattack no big deal, and you deserve two minutes of your life back for having to read this story?
Let us know what you think.
And we'd like to pass on one final comment from the Pemex statement on the attack. If, by chance, you think the impact is significant, please avoid talking about it:
"Pemex reinforces its computer security and invites the oil community and society to avoid rumors that damage the company's image."
[RESOURCE: Discuss ransomware with your peers at the SecureWorld cybersecurity conference in your region.]
