10 | DIC | 2019
The Pemex cyberattack could have caused data loss
A ransomware attack against Pemex took place on November 10 - Kacper Pempel/EL UNIVERSAL

The Pemex cyberattack could have caused data loss

19/11/2019
12:40
Noé Cruz Serrano
Mexico City
-A +A
The Pemex ransomware attack of November 10 could have affected up to 60 high-level areas of the Mexican state oil company

Leer en español

The Pemex cyberattack could have affected 60 directorates, sub-directorates, management, the internal institutional control, and the internal auditing, which are the highest levels of the Mexican state oil company that safeguard relevant information of the firm.

According to a former officer of the company that participated in the implementation of Pemex’s Digital Transformation, that took place in 2017, who asked to remain anonymous, if the objective of the attack to the computer systems was to erase compromising information, “it is highly possible they achieved their goal.”

He said that “in 26% of the cases, a successful cyberattack can eliminate over 10,000 registries.”

He acknowledged that despite the implemented actions to modernize and protect Pemex’s computer systems, “it was planned for IT in Pemex to reach a maturity level of 2.4 during this year when the international suggestion is 4.”

Did you know former Mossad spies exposed bribery scheme at Pemex?

This means that Pemex already has important breaches in terms of IT that cost USD $4 billion.

Regarding security and connectivity to the network, they planned to reach level 3, “although it’s unlikely” said the former officer.

“The possibility of reaching the goals for this year has been compromised by cuts to expenditures in strategic programs in terms of IT,” he said.

He added that in a successful intrusion to Pemex’s computer system, such as the one that took place on November 10, “there are people liable, considering that many providers were hired to protect the systems.”

Did you know Pemex was threatened by a ransomware attack?

Safeguard contract
Pemex migrated information that is kept in huge databases which should be “well cared for,” to save it in Microsoft’s cloud, and it concluded a contract in 2018 valid until July 10, 2021, with Axtel for MXN $32.7 million, plus taxes. The corresponding deal is the 2018-238 PMX_DOPA_PC_GCSSS-SA-CA-N-S, Expressroute Service to give access to the Microsoft Azure y Office 365 cloud.

In addition, the company has asked its employees not to connect to the institutional Internet network, but in this case de contract 2018-294-PMX_DOPA_PC_GCSSS-SA-C-A-N-S, Safe Communication Service for Access to the Internet of Mexican Petroleums and Productive Subsidiaries is valid until 2021, designed for the “protection of the web surfing of 60 thousand users within the oil company’s network distributed in previous sites,” mainly in terms of computer detection and answer and of information leakage.

The contract includes safe communication services in Pemex’s facilities in Mexico City, Villahermosa, Ciudad del Carmen, Minatitlán, Poza Rica, Zapopan, and Reynosa.

Did you know Pemex is drowning in debt?

The contract was assigned to the companies America Information Technologies in consortium with Operbes Company, Operbers Services, Saynet Comprehensive Solutions, and IT Comprehensive Consulting, for an amount of MXN $615.5 million, plus taxes.

The access to the internet on-demand services with infrastructure for Pemex and its subsidiaries was provided for by Axtel and Teléfonos de México, according to the 2018-403-PMX_DOPA_PC_GCSSS-SA-C-A-N-S contract worth MXN $35 million.

Another deal valid until 2020 is the one of comprehensive services, managing desktop and laptop computer equipment, port replicators and monitoring for 67,223 computers and monitors for MXN $1.6 billion.

Did you know Pemex was part of the so-called "Master Fraud"?

mp

Mantente al día con el boletín de El Universal