English

The Pemex cyberattack could have caused data loss

The Pemex ransomware attack of November 10 could have affected up to 60 high-level areas of the Mexican state oil company

A ransomware attack against Pemex took place on November 10 - Kacper Pempel/EL UNIVERSAL
19/11/2019 |12:40
Noé Cruz Serrano
Reportero de la sección CarteraVer perfil

The Pemex could have affected 60 directorates, sub-directorates, management, the internal institutional control, and the internal auditing, which are the highest levels of the Mexican state oil company that safeguard relevant information of the firm.

According to a former officer of the company that participated in the implementation of Pemex’s Digital Transformation , that took place in 2017 , who asked to remain anonymous, if the objective of the attack to the computer systems was to erase compromising information , “it is highly possible they achieved their goal.”

He said that “in 26% of the cases, a successful cyberattack can eliminate over 10,000 registries .”

Newsletter
Recibe en tu correo las noticias más destacadas para viajar, trabajar y vivir en EU

He acknowledged that despite the implemented actions to modernize and protect Pemex’s computer systems , “it was planned for IT in Pemex to reach a maturity level o f 2.4 during this year when the international suggestion is 4 .”

Did you know

?

This means that Pemex already has important breaches in terms of IT that cost USD $4 billion .

Regarding security and connectivity to the network, they planned to reach level 3 , “although it’s unlikely” said the former officer.

“The possibility of reaching the goals for this year has been compromised by cuts to expenditures in strategic programs in terms of IT ,” he said.

He added that in a successful intrusion to Pemex’s computer system , such as the one that took place on November 10 , “there are people liable, considering that many providers were hired to protect the systems.”

Did you know Pemex was threatened by a

?

Safeguard contract

migrated information that is kept in huge databases which should be “well cared for,” to save it in Microsoft’s cloud , and it concluded a contract in 2018 valid until July 10, 2021 , with Axtel for MXN $32.7 million , plus taxes. The corresponding deal is the 2018-238 PMX_DOPA_PC_GCSSS-SA-CA-N-S , Expressroute Service to give access to the Microsoft Azure y Office 365 cloud.

In addition, the company has asked its employees not to connect to the institutional Internet network, but in this case de contract 2018-294-PMX_DOPA_PC_GCSSS-SA-C-A-N-S , Safe Communication Service for Access to the Internet of Mexican Petroleums and Productive Subsidiaries is valid until 2021 , designed for the “protection of the web surfing of 60 thousand users within the oil company’s network distributed in previous sites,” mainly in terms of computer detection and answer and of information leakage.

The contract includes safe communication services in Pemex’s facilities in Mexico City, Villahermosa, Ciudad del Carmen, Minatitlán, Poza Rica, Zapopan, and Reynosa .

Did you know

?

The contract was assigned to the companies America Information Technologies in consortium with Operbes Company, Operbers Services, Saynet Comprehensive Solutions, and IT Comprehensive Consulting , for an amount of MXN $615.5 million , plus taxes.

The access to the internet on-demand services with infrastructure for Pemex and its subsidiaries was provided for by Axtel and Teléfonos de México, according to the 2018-403-PMX_DOPA_PC_GCSSS-SA-C-A-N-S contract worth MXN $35 million .

Another deal valid until 2020 is the one of comprehensive services, managing desktop and laptop computer equipment, port replicators and monitoring for 67,223 computers and monitors for MXN $1.6 billion .

Did you know

?

mp