Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
PDVSA Petróleos de Venezuela S.A.

PDVSA Petróleos de Venezuela S.A. Vendor Cyber Rating & Cyber Score

pdvsa.com

Petróleos de Venezuela S.A. is a Venezuelan state company, began operations on January 1st, 1976 and whose activities are the oil exploration, production, refining, marketing and transportation of Venezuelan oil as well as the orimulsion, chemical, petrochemical businesses and coal. We have the largest oil reserves in the world, reaching at the end of 2013, a total certified sum of 298,353 million barrels, which represent 20% of the world reserves of this resource. Also we manage 197.1 trillion cubic feet of natural gas in proven reserves, a figure that places us in eighth place worldwide. PDVSA carries out its crude processing operations through 14 refineries: six in Venezuela, and nine in the rest of the world. The national refining


PPDVS A.I CyberSecurity Scoring

PPDVS
Company Information
Website:https://www.pdvsa.com
Employees number:25,708
Number of followers:129,470
NAICS:211
Industry Type:Oil and Gas
Homepage:pdvsa.com
PPDVS Risk Score (AI oriented)
Between 600 and 649
logo
PPDVSOil and Gas
Updated:
22/04/2026
645/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
PPDVS Global Score (TPRM)
xxxx
logo
PPDVSOil and Gas
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

PPDVS
PPDVSPoor
Current Score
645Caa (POOR)
01000
6 incidents
-105 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
652Before Incident
JUNE 2026
652Before Incident
MAY 2026
646Before Incident
APRIL 2026
645Before Incident
MARCH 2026
641Before Incident
FEBRUARY 2026
640Before Incident
JANUARY 2026
634Before Incident
DECEMBER 2025
742Before Incident
Cyber Attack
15 Dec 2025PPDVS
Petróleos de Venezuela: Hackers Use Lotus Wiper To Destroy Drives In Energy Sector Cyberattack

Lotus Wiper: Destructive Malware Targets Venezuela’s Energy Sector in Coordinated Attack

631After Incident
CRITICAL-111
PET1776853705
Lotus Wiper: Destructive Malware Targets Venezuela’s Energy Sector in Coordinated Attack Kaspersky researchers have identified a new, highly destructive malware campaign targeting Venezuela’s energy and utilities sector. The attack, uncovered in mid-December 2025, deploys Lotus Wiper, a previously undocumented wiper that permanently erases data across physical drives with no possibility of recovery. Unlike ransomware, this malware has no extortion component its sole purpose is annihilation. The campaign was discovered during a period of heightened geopolitical tensions in the Caribbean, coinciding with a disabling cyberattack on Venezuela’s state-owned oil company, Petróleos de Venezuela (PDVSA). However, no confirmed link between the two incidents has been established. The attack appears to have been in development for months, with the wiper compiled in late September 2025. It begins with two batch scripts OhSyncNow.bat and notesreg.bat which orchestrate the assault. OhSyncNow.bat disables Windows’ Interactive Services Detection to suppress warnings and checks for a remote XML flag file (OHSync.xml) on the organization’s NETLOGON domain share, acting as a trigger for compromised machines. Once activated, notesreg.bat takes over, resetting local user passwords, disabling cached logins, and forcibly logging off all active sessions. The final payload, Lotus Wiper, then executes a multi-phase destruction sequence: - System Recovery Erasure: Deletes all Windows System Restore points by manipulating srclient.dll. - Physical Drive Wiping: Overwrites every sector of all connected drives with zeroes, executed twice for thoroughness. - Volume Destruction: Enumerates mounted volumes, clears USN change journals, and deletes files by overwriting them with zeroes, renaming them to random strings, and queuing locked files for deletion on reboot. The result is a system left completely unrecoverable, with no surviving data, partitions, or recovery options. The attack’s sophistication and deliberate targeting of critical infrastructure suggest a calculated effort to disrupt Venezuela’s energy sector.
INCIDENT DETAILS -
TYPE
Wiper Malware Attack
MOTIVATION
Disruption of critical infrastructure, geopolitical tensions
IMPACT
Data Compromised: Permanent data erasure across all connected drivesSystems Affected: Energy and utilities sector systems in VenezuelaOperational Impact: Complete system unrecoverability, disruption of energy sector operations
DATA BREACH
Type Of Data Compromised: All data on affected systemsSensitivity Of Data: High (critical infrastructure data)Data Exfiltration: No (data was erased, not exfiltrated)Data Encryption: No (data was overwritten with zeroes)
Cyber Attack
15 Dec 2025PPDVS
Petróleos de Venezuela SA: Venezuelan Oil Industry Is Running on WhatsApp After Cyberattack

Cyberattack Paralyzes Venezuela’s Oil Giant PDVSA, Forcing Manual Operations

631After Incident
CRITICAL-111
PET1768583981
Cyberattack Paralyzes Venezuela’s Oil Giant PDVSA, Forcing Manual Operations A December 15 cyberattack on Venezuela’s state-owned oil company, Petróleos de Venezuela SA (PDVSA), has crippled its digital infrastructure, forcing employees to rely on phone calls, handwritten reports, and personal messaging apps to maintain operations. The attack disrupted critical systems, including the SCADA platform used to manage refineries, pipelines, and compression plants as well as SAP software, which handles accounting, payments, and production data. With internal email and corporate portals offline, employees in key departments spanning Caracas, Barinas, Puerto La Cruz, and El Tigre have turned to WhatsApp, Telegram, and Gmail for communication. The outage has delayed payments to contractors and workers, while retirees report difficulties accessing pension deposits, with some required to submit personal data in person for manual processing. The attack’s origin remains unclear, with no group or nation including the U.S., which has imposed sanctions on Venezuela’s oil sector claiming responsibility. The incident underscores the vulnerability of PDVSA’s aging technological infrastructure, weakened by years of underinvestment, corruption, and U.S. restrictions on system upgrades. As of late January, the company had yet to fully restore its digital operations.
INCIDENT DETAILS -
TYPE
Cyberattack
IMPACT
SCADA platformSAP softwareInternal emailCorporate portalsOperational Impact: Forced manual operations, delayed payments to contractors and workers, pension access issues
DATA BREACH
Personally Identifiable Information: Pension-related personal data (submitted in person for manual processing)
DECEMBER 2025
760Before Incident
Cyber Attack
14 Dec 2025PPDVS
Petroleos de Venezuela SA: Venezuela Says Oil Export System Down After Weekend Cyberattack

Cyberattack on PDVSA Disrupts Key Administrative Systems

631After Incident
CRITICAL-129
PET1765893364
Cyberattack Disrupts Venezuela’s PDVSA, Delaying Oil Operations Venezuela’s state-owned oil company, Petróleos de Venezuela SA (PDVSA), is grappling with a prolonged cyberattack that has crippled critical administrative systems since early Saturday. The breach targeted networks managing export and import data at the country’s primary crude terminal, Jose, leaving key operations offline as of Monday. According to internal sources, PDVSA instructed employees to shut down computers, disconnect external hardware, and disable WiFi and Starlink connections following the attack. Security at company facilities was also heightened. An internal memo warned staff against restarting devices without authorization, citing concerns over potential data compromise. In a statement, PDVSA described the incident as a “sabotage attempt” that it claimed to have neutralized, asserting that oil production remained unaffected. However, the outage has forced contingency measures, delaying scheduled loadings and disrupting operations. The attack occurs amid heightened geopolitical tensions. Venezuelan President Nicolás Maduro has repeatedly accused the U.S. of orchestrating cyberattacks, including a prior hack allegedly originating from Macedonia that disrupted last year’s election results. The U.S. has denied direct involvement but has taken aggressive actions against Venezuela, including seizing a sanctioned oil tanker last week and authorizing covert CIA operations in October to counter drug trafficking and illegal migration. PDVSA’s vulnerability has been exacerbated by years of deferred maintenance and the loss of critical software licenses due to U.S. sanctions, which barred dealings with American tech providers. While the company has faced previous cyber incidents, this disruption is reportedly the most prolonged to date. The incident underscores the growing intersection of cyber threats and energy infrastructure, particularly in regions facing geopolitical and economic instability.
INCIDENT DETAILS -
TYPE
Cyberattack
MOTIVATION
Sabotage/Disruption of operations
IMPACT
Data Compromised: Possibility of information compromise (not confirmed)Systems Affected: Administrative networks managing export and import data at Jose crude terminalDowntime: Ongoing as of 2025-01-06Operational Impact: Delayed scheduled loadings, contingency measures, shutdown of computers and external connections
DATA BREACH
Data Exfiltration: Not ruled out
NOVEMBER 2025
759Before Incident
Breach
12 Nov 2025PPDVS
Shinhan Card: Shinhan Card reports data breach involving 190,000 merchant records

Shinhan Card Personal Data Breach Involving Merchant Representatives

684After Incident
HIGH-75
SHI1766477260
Shinhan Card Reports Data Breach Affecting 190,000 Merchant Representatives Shinhan Card disclosed a data breach involving approximately 192,088 records of merchant representatives, marking the latest in a series of recent leaks affecting major South Korean firms, including Coupang, KT, SK Telecom, and Lotte Card. The incident, reported to the Personal Information Protection Commission (PIPC) on Tuesday, was attributed to internal employee misconduct related to new card solicitation rather than external hacking. The exposed data included: - 181,585 records containing only mobile phone numbers - 8,120 records with phone numbers and names - 2,310 records with phone numbers, names, birth years, and gender - 73 records with phone numbers, names, and full dates of birth Shinhan Card confirmed that no highly sensitive information—such as resident registration numbers, card details, or bank accounts—was compromised. The breach was limited to merchant representatives, with no impact on individual cardholders. The company stated that the leak stemmed from isolated employee actions and posed no further dissemination risk. The case came to light after a whistleblower submitted evidence to the PIPC, prompting an investigation. Shinhan Card began reviewing the allegations on November 13, verifying the breach through internal records. Following the findings, the company issued a public apology, notified affected merchants, and launched a webpage for individuals to check their exposure. While Shinhan Card has taken measures equivalent to those for a data breach, further review is needed to classify the incident officially. The company pledged to strengthen protections to prevent future occurrences. Security Investment Trends Lag Despite Rising Breaches A recent survey by market tracker Leaders Index revealed that while major South Korean firms increased IT spending by 31.2% (from 16.5 trillion won in 2022 to 21.6 trillion won in 2024), information security investment grew only marginally in proportion—from 5.8% to 5.9% of total IT budgets. Security staffing saw a similar trend, with dedicated personnel rising 22.3% but remaining at just 6.7% of IT workforce share. Analysts noted that despite absolute increases, security priorities continue to trail broader technology spending.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
New Card Solicitation (Non-Malicious)
IMPACT
Data Compromised: 192,088 recordsBrand Reputation Impact: YesIdentity Theft Risk: Low (No highly sensitive data exposed)Payment Information Risk: None (No card or bank details compromised)
DATA BREACH
Mobile phone numbersNamesYear of birthGenderFull dates of birthNumber Of Records Exposed: 192,088Sensitivity Of Data: Low to Moderate (No resident registration numbers, card numbers, or bank details)Data Exfiltration: No evidence of further disseminationPersonally Identifiable Information: Yes (Phone numbers, names, dates of birth)
OCTOBER 2025
759Before Incident
SEPTEMBER 2025
759Before Incident
AUGUST 2025
758Before Incident
JUNE 2019
772Before Incident
Ransomware
16 Jun 2019PPDVS
PDVSA: Venezuela's PDVSA suffers cyberattack, tankers make u-turns amid tensions with US

Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. Tensions

681After Incident
CRITICAL-91
PET1768616322
Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. Tensions Venezuela’s state-owned oil company, PDVSA, suffered a ransomware attack last week, disrupting administrative systems and halting oil cargo deliveries, though production and refining operations remained unaffected. The company blamed the cyberattack on "foreign interests," specifically alleging U.S. involvement in coordination with domestic entities, accusing Washington of attempting to undermine Venezuela’s sovereign energy sector. The attack, which PDVSA claimed to have recovered from, forced workers to rely on manual record-keeping as systems remained offline. Multiple sources confirmed that administrative networks were still down days later, leading to the suspension of loading instructions for oil exports. At least four very large crude carriers (VLCCs) scheduled to load crude at Venezuelan ports reversed course, while a Benin-flagged tanker carrying 300,000 barrels of Russian naphtha for PDVSA also diverted to Europe without discharging its cargo. Despite the disruptions, some tankers including those chartered by Chevron under a U.S. sanctions exemption continued sailing to the U.S. Others departed in "dark mode," navigating with their tracking systems disabled. Venezuela’s oil exports averaged 952,000 barrels per day last month, according to shipping data, though the cyberattack and recent U.S. enforcement actions have added pressure. The incident follows the U.S. Coast Guard’s seizure of a VLCC carrying 1.85 million barrels of Venezuelan crude, the first such interception since sanctions were imposed in 2019. Tensions between Caracas and Washington have intensified, with Venezuela accusing the U.S. of seeking regime change to control its oil reserves. The U.S. State Department has not commented on the cyberattack allegations. PDVSA ordered employees to disconnect from corporate systems and restricted access for non-essential workers, while a shipper involved in Venezuelan oil deals confirmed that export operations remained suspended. The attack’s impact extended to Cuba, which relies on Venezuelan oil and is already facing severe power shortages.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Undermine Venezuela’s sovereign energy sector, alleged regime change efforts
IMPACT
Systems Affected: Administrative systems, oil cargo delivery operationsOperational Impact: Halted oil cargo deliveries, manual record-keeping required, suspension of loading instructions for oil exports
DECEMBER 2002
772Before Incident
Cyber Attack
01 Dec 2002PPDVS
Petróleos de Venezuela, S.A. (PDVSA)

2002 Venezuela Port Facility SCADA Hack During General Strike

764After Incident
CRITICAL-8
PET451092125
In December 2002, during a general strike in Venezuela, a port facility operated by PDVSA (Venezuela’s state-owned oil company) was targeted in a deliberate cyber attack. The attacker, likely an insider (possibly an employee involved in the strike), remotely accessed the SCADA (Supervisory Control and Data Acquisition) system controlling the port’s operations. The attacker erased all PLC (Programmable Logic Controller) programs, crippling the facility’s ability to load oil tankers. The sabotage lasted eight hours, causing Venezuela’s national oil production to plummet from 3 million barrels per day (BPD) to just 300,000 BPD—a 90% reduction.The attack directly disrupted Venezuela’s oil-dependent economy, which relied heavily on exports. The temporary shutdown of the port facility contributed to broader economic instability during the strike, exacerbating fuel shortages and financial losses. While no physical damage or loss of life occurred, the targeted disruption of critical infrastructure—a key sector for the nation’s revenue—demonstrated the vulnerability of industrial control systems to cyber sabotage. The incident highlighted how cyber attacks on energy infrastructure could be weaponized for political or economic coercion, with cascading effects on national production and global oil markets.
INCIDENT DETAILS -
TYPE
cyber-physical attacksabotageSCADA compromise
MOTIVATION
political (supporting the general strike)economic sabotage (disrupting oil production)
IMPACT
Data Compromised: PLC programs (erased)SCADA systemProgrammable Logic Controllers (PLCs)Downtime: 8 hours (tanker loading operations halted)port facility operations disruptedoil production dropped from 3M BPD to 300K BPD
DATA BREACH
PLC programs (operational data)Sensitivity Of Data: high (critical infrastructure control systems)Data Exfiltration: no (data was erased, not stolen)PLC configuration files

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for PPDVS ?
?
What was PPDVS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was PPDVS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on PPDVS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with PPDVS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view PPDVS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?