Some of Petroleos Mexicanos’s communication systems are still affected two weeks after a cyberattack hit Mexico’s beleaguered state oil firm.
For some employees, internet access is limited, some computer files aren’t accessible and they are having difficulty receiving external emails to corporate accounts, according to people in Pemex’s finance, legal and refining departments who asked not to be identified because they aren’t permitted to speak with the press. Patches have been put in place to prevent the spread of the virus, slowing employees’ computers, they said.
Pemex reported a cyberattack on Nov. 10 that it said affected less than 5% of personal computing devices. Some employees contradicted Pemex’s account that operations were normal, reporting problems with the company’s payment systems. Pemex has reiterated that payments, including workers’ holiday bonuses, will be made on schedule.
Pemex did not immediately respond to a request for comment.
Neither Pemex nor Mexican authorities have identified the type of malware used in the attack. However, there are indications that it may be a strain known as DoppelPaymer, according to cybersecurity firm Crowdstrike Inc.
The cyberattack is the latest in a series of mishaps affecting the state-owned oil giant. With about $100 billion in debt, the highest of any oil major globally, Pemex has delayed payments to suppliers and is under government pressure to reduce spending to meet Mexico’s fiscal target for the year.
Pemex’s refineries are operating at around 40% of their capacity and crude production was 1.66 million barrels a day in October, some one million short of its 2024 output target.