Pemex Faces Payment Problems After Cyberattack Shut Down System

A Petroleos Mexicanos gas station stands in Mexico City
A Petroleos Mexicanos gas station in Mexico City. Pemex is relying on manual billing until its security situation is resolved. (Luis Antonio Rojas/Bloomberg News)

[Stay on top of transportation news: Get TTNews in your inbox.]

A ransomware attack that hit Mexico’s Petroleos Mexicanos is disrupting the company’s billing systems, according to people familiar with the situation.

Pemex is relying on manual billing that could affect payment of personnel and suppliers and hinder supply chain operations, the people said, asking not to be identified because they aren’t authorized to speak to the press.

Invoices for fuel to be delivered from Pemex’s storage terminals to gasoline stations were being done manually Nov. 12. At the company’s refining arm, some employees couldn’t access emails or the internet, and computers were operating more slowly. If the situation isn’t resolved by Nov. 13, it could affect Pemex’s ability to pay personnel and some suppliers, one of the people said.

Pemex’s ransomware attack — in which systems are frozen by hackers until a ransom is paid — is the latest cyber incursion to hit the commodities industry. Payment problems could disrupt a supply chain that stretches across fuel retailers, global trading companies, oil industry servicers and trucking firms.

Earlier this year, Norsk Hydro ASA was hit, following previous attacks on companies from zinc smelter Nyrstar NV to oil giants Saudi Aramco and Rosneft PJSC, shipping company AP Moller-Maersk A/S and agriculture trader Archer-Daniels-Midland Co.

Staff payments may have to be done by telephone, said another person. In Pemex’s finance department, external emails weren’t coming through, affecting daily payments, people said.

In Villahermosa, Tabasco, employees involved in well-drilling services were told Nov. 12 they could start their computers, but not log on to the network, another person said. Telephone lines aren’t working, and there’s no access to the company network, corporate emails or Skype.

Pemex said that fuel output, storage and inventories were “guaranteed” and that operations were normal in a statement on its website the evening of Nov. 11. The state-owned oil firm was subjected to cyberattacks Nov. 10 that affected less than 5% of personal computing devices, it said.

Some Pemex employees were told not to access the company’s computer system Nov. 11 after it was unexpectedly shut down over the weekend. The company’s trading arm, PMI, said its system was operating again by the afternoon of Nov. 11, though emails from Pemex were being treated with caution, and workers were advised not to use some Pemex services such as Pemex Movil, according to internal emails seen by Bloomberg. Workers were cautioned that the company was running anti-virus programs that could slow down applications.

Disruptive technologies have been a double-edged sword in the global oil industry. As oil companies seek to improve efficiency and worker safety by increasingly digitizing their operations, they face unprecedented security risks through ever-more sophisticated cyberattacks.

Want more news? Listen to today's daily briefing: