PPDVS A.I CyberSecurity Scoring
PPDVS
Company Information
Website:https://www.pdvsa.com
Employees number:25,708
Number of followers:129,470
NAICS:211
Industry Type:Oil and Gas
Homepage:pdvsa.com
PPDVS Risk Score (AI oriented)
Between 600 and 649
PPDVSOil and Gas
Updated:
22/04/2026
22/04/2026
645/1000
Poor
Caa
PPDVS Global Score (TPRM)
xxxx
PPDVSOil and Gas
Score locked

PPDVSPoor
Current Score
645Caa (POOR)
01000
6 incidents
-105 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
652
JUNE 2026
652
MAY 2026
646
APRIL 2026
645
MARCH 2026
641
FEBRUARY 2026
640
JANUARY 2026
634
DECEMBER 2025
742
Cyber Attack
15 Dec 2025 • PPDVS
Petróleos de Venezuela: Hackers Use Lotus Wiper To Destroy Drives In Energy Sector Cyberattack
Lotus Wiper: Destructive Malware Targets Venezuela’s Energy Sector in Coordinated Attack
631
CRITICAL-111
PET1776853705
Lotus Wiper: Destructive Malware Targets Venezuela’s Energy Sector in Coordinated Attack
Kaspersky researchers have identified a new, highly destructive malware campaign targeting Venezuela’s energy and utilities sector. The attack, uncovered in mid-December 2025, deploys Lotus Wiper, a previously undocumented wiper that permanently erases data across physical drives with no possibility of recovery.
Unlike ransomware, this malware has no extortion component its sole purpose is annihilation. The campaign was discovered during a period of heightened geopolitical tensions in the Caribbean, coinciding with a disabling cyberattack on Venezuela’s state-owned oil company, Petróleos de Venezuela (PDVSA). However, no confirmed link between the two incidents has been established.
The attack appears to have been in development for months, with the wiper compiled in late September 2025. It begins with two batch scripts OhSyncNow.bat and notesreg.bat which orchestrate the assault. OhSyncNow.bat disables Windows’ Interactive Services Detection to suppress warnings and checks for a remote XML flag file (OHSync.xml) on the organization’s NETLOGON domain share, acting as a trigger for compromised machines.
Once activated, notesreg.bat takes over, resetting local user passwords, disabling cached logins, and forcibly logging off all active sessions. The final payload, Lotus Wiper, then executes a multi-phase destruction sequence:
- System Recovery Erasure: Deletes all Windows System Restore points by manipulating srclient.dll.
- Physical Drive Wiping: Overwrites every sector of all connected drives with zeroes, executed twice for thoroughness.
- Volume Destruction: Enumerates mounted volumes, clears USN change journals, and deletes files by overwriting them with zeroes, renaming them to random strings, and queuing locked files for deletion on reboot.
The result is a system left completely unrecoverable, with no surviving data, partitions, or recovery options. The attack’s sophistication and deliberate targeting of critical infrastructure suggest a calculated effort to disrupt Venezuela’s energy sector.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Cyber Attack
15 Dec 2025 • PPDVS
Petróleos de Venezuela SA: Venezuelan Oil Industry Is Running on WhatsApp After Cyberattack
Cyberattack Paralyzes Venezuela’s Oil Giant PDVSA, Forcing Manual Operations
631
CRITICAL-111
PET1768583981
Cyberattack Paralyzes Venezuela’s Oil Giant PDVSA, Forcing Manual Operations
A December 15 cyberattack on Venezuela’s state-owned oil company, Petróleos de Venezuela SA (PDVSA), has crippled its digital infrastructure, forcing employees to rely on phone calls, handwritten reports, and personal messaging apps to maintain operations. The attack disrupted critical systems, including the SCADA platform used to manage refineries, pipelines, and compression plants as well as SAP software, which handles accounting, payments, and production data.
With internal email and corporate portals offline, employees in key departments spanning Caracas, Barinas, Puerto La Cruz, and El Tigre have turned to WhatsApp, Telegram, and Gmail for communication. The outage has delayed payments to contractors and workers, while retirees report difficulties accessing pension deposits, with some required to submit personal data in person for manual processing.
The attack’s origin remains unclear, with no group or nation including the U.S., which has imposed sanctions on Venezuela’s oil sector claiming responsibility. The incident underscores the vulnerability of PDVSA’s aging technological infrastructure, weakened by years of underinvestment, corruption, and U.S. restrictions on system upgrades. As of late January, the company had yet to fully restore its digital operations.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
760
Cyber Attack
14 Dec 2025 • PPDVS
Petroleos de Venezuela SA: Venezuela Says Oil Export System Down After Weekend Cyberattack
Cyberattack on PDVSA Disrupts Key Administrative Systems
631
CRITICAL-129
PET1765893364
Cyberattack Disrupts Venezuela’s PDVSA, Delaying Oil Operations
Venezuela’s state-owned oil company, Petróleos de Venezuela SA (PDVSA), is grappling with a prolonged cyberattack that has crippled critical administrative systems since early Saturday. The breach targeted networks managing export and import data at the country’s primary crude terminal, Jose, leaving key operations offline as of Monday.
According to internal sources, PDVSA instructed employees to shut down computers, disconnect external hardware, and disable WiFi and Starlink connections following the attack. Security at company facilities was also heightened. An internal memo warned staff against restarting devices without authorization, citing concerns over potential data compromise.
In a statement, PDVSA described the incident as a “sabotage attempt” that it claimed to have neutralized, asserting that oil production remained unaffected. However, the outage has forced contingency measures, delaying scheduled loadings and disrupting operations.
The attack occurs amid heightened geopolitical tensions. Venezuelan President Nicolás Maduro has repeatedly accused the U.S. of orchestrating cyberattacks, including a prior hack allegedly originating from Macedonia that disrupted last year’s election results. The U.S. has denied direct involvement but has taken aggressive actions against Venezuela, including seizing a sanctioned oil tanker last week and authorizing covert CIA operations in October to counter drug trafficking and illegal migration.
PDVSA’s vulnerability has been exacerbated by years of deferred maintenance and the loss of critical software licenses due to U.S. sanctions, which barred dealings with American tech providers. While the company has faced previous cyber incidents, this disruption is reportedly the most prolonged to date.
The incident underscores the growing intersection of cyber threats and energy infrastructure, particularly in regions facing geopolitical and economic instability.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
759
Breach
12 Nov 2025 • PPDVS
Shinhan Card: Shinhan Card reports data breach involving 190,000 merchant records
Shinhan Card Personal Data Breach Involving Merchant Representatives
684
HIGH-75
SHI1766477260
Shinhan Card Reports Data Breach Affecting 190,000 Merchant Representatives
Shinhan Card disclosed a data breach involving approximately 192,088 records of merchant representatives, marking the latest in a series of recent leaks affecting major South Korean firms, including Coupang, KT, SK Telecom, and Lotte Card. The incident, reported to the Personal Information Protection Commission (PIPC) on Tuesday, was attributed to internal employee misconduct related to new card solicitation rather than external hacking.
The exposed data included:
- 181,585 records containing only mobile phone numbers
- 8,120 records with phone numbers and names
- 2,310 records with phone numbers, names, birth years, and gender
- 73 records with phone numbers, names, and full dates of birth
Shinhan Card confirmed that no highly sensitive information—such as resident registration numbers, card details, or bank accounts—was compromised. The breach was limited to merchant representatives, with no impact on individual cardholders. The company stated that the leak stemmed from isolated employee actions and posed no further dissemination risk.
The case came to light after a whistleblower submitted evidence to the PIPC, prompting an investigation. Shinhan Card began reviewing the allegations on November 13, verifying the breach through internal records. Following the findings, the company issued a public apology, notified affected merchants, and launched a webpage for individuals to check their exposure.
While Shinhan Card has taken measures equivalent to those for a data breach, further review is needed to classify the incident officially. The company pledged to strengthen protections to prevent future occurrences.
Security Investment Trends Lag Despite Rising Breaches
A recent survey by market tracker Leaders Index revealed that while major South Korean firms increased IT spending by 31.2% (from 16.5 trillion won in 2022 to 21.6 trillion won in 2024), information security investment grew only marginally in proportion—from 5.8% to 5.9% of total IT budgets. Security staffing saw a similar trend, with dedicated personnel rising 22.3% but remaining at just 6.7% of IT workforce share. Analysts noted that despite absolute increases, security priorities continue to trail broader technology spending.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
759
SEPTEMBER 2025
759
AUGUST 2025
758
JUNE 2019
772
Ransomware
16 Jun 2019 • PPDVS
PDVSA: Venezuela's PDVSA suffers cyberattack, tankers make u-turns amid tensions with US
Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. Tensions
681
CRITICAL-91
PET1768616322
Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. Tensions
Venezuela’s state-owned oil company, PDVSA, suffered a ransomware attack last week, disrupting administrative systems and halting oil cargo deliveries, though production and refining operations remained unaffected. The company blamed the cyberattack on "foreign interests," specifically alleging U.S. involvement in coordination with domestic entities, accusing Washington of attempting to undermine Venezuela’s sovereign energy sector.
The attack, which PDVSA claimed to have recovered from, forced workers to rely on manual record-keeping as systems remained offline. Multiple sources confirmed that administrative networks were still down days later, leading to the suspension of loading instructions for oil exports. At least four very large crude carriers (VLCCs) scheduled to load crude at Venezuelan ports reversed course, while a Benin-flagged tanker carrying 300,000 barrels of Russian naphtha for PDVSA also diverted to Europe without discharging its cargo.
Despite the disruptions, some tankers including those chartered by Chevron under a U.S. sanctions exemption continued sailing to the U.S. Others departed in "dark mode," navigating with their tracking systems disabled. Venezuela’s oil exports averaged 952,000 barrels per day last month, according to shipping data, though the cyberattack and recent U.S. enforcement actions have added pressure.
The incident follows the U.S. Coast Guard’s seizure of a VLCC carrying 1.85 million barrels of Venezuelan crude, the first such interception since sanctions were imposed in 2019. Tensions between Caracas and Washington have intensified, with Venezuela accusing the U.S. of seeking regime change to control its oil reserves. The U.S. State Department has not commented on the cyberattack allegations.
PDVSA ordered employees to disconnect from corporate systems and restricted access for non-essential workers, while a shipper involved in Venezuelan oil deals confirmed that export operations remained suspended. The attack’s impact extended to Cuba, which relies on Venezuelan oil and is already facing severe power shortages.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
DECEMBER 2002
772
Cyber Attack
01 Dec 2002 • PPDVS
Petróleos de Venezuela, S.A. (PDVSA)
2002 Venezuela Port Facility SCADA Hack During General Strike
764
CRITICAL-8
PET451092125
In December 2002, during a general strike in Venezuela, a port facility operated by PDVSA (Venezuela’s state-owned oil company) was targeted in a deliberate cyber attack. The attacker, likely an insider (possibly an employee involved in the strike), remotely accessed the SCADA (Supervisory Control and Data Acquisition) system controlling the port’s operations. The attacker erased all PLC (Programmable Logic Controller) programs, crippling the facility’s ability to load oil tankers. The sabotage lasted eight hours, causing Venezuela’s national oil production to plummet from 3 million barrels per day (BPD) to just 300,000 BPD—a 90% reduction.The attack directly disrupted Venezuela’s oil-dependent economy, which relied heavily on exports. The temporary shutdown of the port facility contributed to broader economic instability during the strike, exacerbating fuel shortages and financial losses. While no physical damage or loss of life occurred, the targeted disruption of critical infrastructure—a key sector for the nation’s revenue—demonstrated the vulnerability of industrial control systems to cyber sabotage. The incident highlighted how cyber attacks on energy infrastructure could be weaponized for political or economic coercion, with cascading effects on national production and global oil markets.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PPDVS ??
What was PPDVS's A.I Rankiteo Cyber Score in June 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in May 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in April 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in March 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in February 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in January 2026 ??
What was PPDVS's A.I Rankiteo Cyber Score in December 2025 ??
What was PPDVS's A.I Rankiteo Cyber Score in November 2025 ??
What was PPDVS's A.I Rankiteo Cyber Score in October 2025 ??
What was PPDVS's A.I Rankiteo Cyber Score in September 2025 ??
What was PPDVS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PPDVS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PPDVS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PPDVS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?