AMLO: “1 -They didn’t steal anything; 2- We will not respond to blackmail;” 3 – Hackers finally reveal data from 200k PEMEX computers

A couple of months ago, Mexican oil company PEMEX suffered a cybersecurity incident. Although the official version mentioned that this was a minor flaw, unofficial sources revealed that in fact, the public company suffered an infection of the DopplePaymer ransomware, employed by the most dangerous hacking groups worldwide.

Although the Mexican government, led by President Andres Manuel Lopez Obrador closed the case, the discovery of a website apparently controlled by hackers began to worry many company executives. On the website, called Dopple Leaks, an image of alleged PEMEX confidential documents (extracted during the ransomware attack) was posted, followed by a message from hackers, threatening to expose the information in case they do not receive a ransom. 

Threats were dismissed as the official version indicated that the company’s data was not compromised. However, not everything was said and done, as a security firm revealed the discovery of 11 leaked files on the Internet belonging to PEMEX. These files, in different formats, contain IP addresses, passwords and even plans and schematics of the oil company.

To make matters worse, if this information happens to be legitimate, any user with regular knowledge could remotely access more than 180 thousand PEMEX computers.

The leak has been confirmed by multiple cybersecurity firms. In total, hackers exposed 11 compressed files of less than 3GB containing tens, or even hundreds, of text files, spreadsheets, and PDF files, among others. According to Hiram Camarillo, responsible for the find, the incident exposes the integrity of thousands of the company’s computer equipment.

The evidence of the seriousness of the incident is truly obvious and available to anyone who knows where to look. Still, the oil company keeps insisting on the official version, even local media have reported that PEMEX has concealed any reports related to the cyberattack for the next five years, so this is confidential information.

As if that weren’t enough, Camarillo believes that this is just the beginning of what could become a massive information leak that could even compromise the company’s operations, so it is necessary for the Mexican government to take significant measures as soon as possible.