A Mexican oil company was under attack by ransomware that stopped administrative tasks on 11th November. The company came to know about the attack when its central systems couldn’t access information on its various computers across Mexico.
The company was attacked using Ryuk ransomware!
At the time, someone from inside the company that it was Ryuk that the hackers used to breach the company’s servers. This was further corroborated by a Reuters report, which further added that the hackers asked the company for $5 million in Bitcoin within 48 hours. Premex thought they could solve the issue within that time frame. However, they couldn’t, and they had to pay an extra amount for this delay.
Premex was subjected to many attacks in the past
The company’s computer network was under attack several times in the past. However, none of them was successful. A similar attack in the past which was detected and was stopped early on. Only 5% of the company’s computer network was infected. But this latest attack, successful encode passwords and restrict access to important files for the company’s employees.
To prevent any further damage, Premex advised its employees to disconnect there from the central server and backup critical information. But this grounded their administrative work. As the company didn’t pay any amount, other management activities were also inaccessible.
Ryuk is Hacker’s favourite ransomware:
Ryuk is clearly Hacker’s favourite ransomware in the past few years. Earlier on, it was used only on small companies, but now it has been used in some high profile cyberattacks this year. Cybersecurity company Coveware reported that there is a 90% increase in a ransomware attack in Q1 2019.
If the company was successful hacked, they had to pay a huge sum to the attackers and then cover the cost of any lag or downtime suffered by the company during that period.