Company Details
pemex
45,054
259,183
211
pemex.com
0
PEM_1331250
In-progress


PEMEX Company CyberSecurity Posture
pemex.comPetróleos Mexicanos es la mayor empresa de México, el mayor contribuyente fiscal del país, así como una de las empresas más grandes de América Latina. Es de las pocas empresas petroleras del mundo que desarrolla toda la cadena productiva de la industria, desde la exploración, hasta la distribución y comercialización de productos finales, incluyendo la petroquímica. Pemex contribuye el 35% del PEF, en otras palabras aporta 1 de cada 3 pesos para la construcción de escuelas, carreteras y hospitales. La tasa de éxito en exploración en aguas profundas es del 50% siendo superior al estándar internacional. En el 2014 las inversiones fueron por más de 25 mil millones de dólares. Pemex generó más de medio millón de empleos indirectos. Anualmente Pemex invierte cerca de 140 millones de dólares en donativos
Company Details
pemex
45,054
259,183
211
pemex.com
0
PEM_1331250
In-progress
Between 750 and 799

PEMEX Global Score (TPRM)XXXX

Description: Mexico's state-owned oil company, Pemex was targeted in a DoppelPaymer ransomware attack that infected 5% of its computer systems. The attackers encrypted its computer systems and stole data from its servers and demanded 565 bitcoins, or $4,899,295.80 USD as a ransom.


No incidents recorded for PEMEX in 2026.
No incidents recorded for PEMEX in 2026.
No incidents recorded for PEMEX in 2026.
PEMEX cyber incidents detection timeline including parent company and subsidiaries

Petróleos Mexicanos es la mayor empresa de México, el mayor contribuyente fiscal del país, así como una de las empresas más grandes de América Latina. Es de las pocas empresas petroleras del mundo que desarrolla toda la cadena productiva de la industria, desde la exploración, hasta la distribución y comercialización de productos finales, incluyendo la petroquímica. Pemex contribuye el 35% del PEF, en otras palabras aporta 1 de cada 3 pesos para la construcción de escuelas, carreteras y hospitales. La tasa de éxito en exploración en aguas profundas es del 50% siendo superior al estándar internacional. En el 2014 las inversiones fueron por más de 25 mil millones de dólares. Pemex generó más de medio millón de empleos indirectos. Anualmente Pemex invierte cerca de 140 millones de dólares en donativos

At Enbridge, our goal is to be the first-choice energy delivery company in North America and beyond—for customers, communities, investors, regulators and policymakers, and employees. We also recognize the importance of a secure, reliable and affordable supply of energy, which we deliver every day th
Shell is a global group of energy and petrochemical companies, employing 96,000 people across 70+ countries. We serve around 1 million commercial and industrial customers, and around 33 million customers daily at our Shell-branded retail service stations. Our purpose is to power progress together b

Have you ever thought of offering your skills and expertise to a multinational company? Give your best to better energy and make the commitment with TotalEnergies. With over 500-plus professions in 130 countries, we offer high safety and environmental standards, strong ethical values, an innovatio
At Repsol, we are at the forefront of the energy sector to build the future of energy with innovation and sustainability. We are a strong multienergy company that creates value in an integrated, diversified, and sustainable way to promote progress in society. We leverage our past experience to be pr

Koch Engineered Solutions (KES) provides uniquely engineered solutions in construction; mass and heat transfer; combustion and emissions controls; filtration; separation; materials applications; automation and actuation. KES is located in Wichita, Kansas, and is a subsidiary of Koch Industries, one
Oxy is an international energy company with assets primarily in the United States, the Middle East and North Africa. We are one of the largest oil producers in the U.S., including a leading producer in the Permian and DJ basins, and offshore Gulf of Mexico. Our midstream and marketing segment provid
PT Pertamina (Persero) is an Indonesian state-owned enterprise, which is engaged in the integrated energy in Indonesia. Established on December 10, 1957, Pertamina had the experiences in upstream, midstream, downstream and renewable energy sectors for more than 50 years. This is the official Link

Wood Group has combined with Amec Foster Wheeler to form a new global leader in the delivery of project, engineering and technical services to energy and industrial markets. To find out more about Wood visit our new website at www.woodplc.com For all the latest updates and job news follow Wood on L

NOV delivers technology-driven solutions to empower the global energy industry. For more than 150 years, NOV has pioneered innovations that enable its customers to safely produce abundant energy while minimizing environmental impact. The energy industry depends on NOV’s deep expertise and technology
.png)
Analysis of the PemEx app recommended in WhatsApp groups by alleged financial advisors: empty crypto addresses, no on-chain trading,...
Hexagon shares how digitalization, AI, and asset lifecycle solutions enhance efficiency, sustainability, and operational safety in Mexico.
GREENWIRE | XALAPA, Mexico — Mexico's state-run oil company said Tuesday that the torrential rains that left dozens dead and missing in...
ENERGYWIRE | Mexican oil giant Petróleos Mexicanos has gone from the nation's golden goose to a major albatross. After years of pumping cash...
PEMEX posts lower crude output and fewer active drilling rigs in August 2025, while natural gas, refined fuels, and refinery throughput show...
PEMEX's unpaid debt and liquidity issues are impacting its operations, threatening production stability and energy sovereignty,...
ENERGYWIRE | In the swampy lowlands of Mexico's Gulf Coast, Petróleos Mexicanos is pumping high-pressure jets of water, chemicals and sand...
ABS' technical advisory, focusing on regulatory compliance, digital transformation, and sustainable practices, strives for a safer,...
PEMEX plans to increase its crude oil production by 69.4Mb/d in 2025 through 10 mixed development contracts with private companies.

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of PEMEX is https://www.pemex.com.
According to Rankiteo, PEMEX’s AI-generated cybersecurity score is 765, reflecting their Fair security posture.
According to Rankiteo, PEMEX currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, PEMEX has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, PEMEX is not certified under SOC 2 Type 1.
According to Rankiteo, PEMEX does not hold a SOC 2 Type 2 certification.
According to Rankiteo, PEMEX is not listed as GDPR compliant.
According to Rankiteo, PEMEX does not currently maintain PCI DSS compliance.
According to Rankiteo, PEMEX is not compliant with HIPAA regulations.
According to Rankiteo,PEMEX is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
PEMEX operates primarily in the Oil and Gas industry.
PEMEX employs approximately 45,054 people worldwide.
PEMEX presently has no subsidiaries across any sectors.
PEMEX’s official LinkedIn profile has approximately 259,183 followers.
PEMEX is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
Yes, PEMEX has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/pemex.
Yes, PEMEX maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/pemex.
As of January 22, 2026, Rankiteo reports that PEMEX has experienced 1 cybersecurity incidents.
PEMEX has an estimated 10,646 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Title: DoppelPaymer Ransomware Attack on Pemex
Description: Mexico's state-owned oil company, Pemex was targeted in a DoppelPaymer ransomware attack that infected 5% of its computer systems. The attackers encrypted its computer systems and stole data from its servers and demanded 565 bitcoins, or $4,899,295.80 USD as a ransom.
Type: Ransomware
Attack Vector: DoppelPaymer Ransomware
Motivation: Financial Gain
Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Systems Affected: 5% of computer systems

Entity Name: Pemex
Entity Type: State-Owned Oil Company
Industry: Energy
Location: Mexico

Data Exfiltration: Data stolen from servers
Data Encryption: Computer systems encrypted

Ransom Demanded: 565 bitcoins, or $4,899,295.80 USD
Ransomware Strain: DoppelPaymer
Data Encryption: Computer systems encrypted
Data Exfiltration: Data stolen from servers
Last Ransom Demanded: The amount of the last ransom demanded was 565 bitcoins, or $4,899,295.80 USD.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was 565 bitcoins, or $4,899,295.80 USD.
.png)
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.

Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.