Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. Tensions
Venezuela’s state-owned oil company, PDVSA, suffered a ransomware attack last week, disrupting administrative systems and halting oil cargo deliveries, though production and refining operations remained unaffected. The company blamed the cyberattack on "foreign interests," specifically alleging U.S. involvement in coordination with domestic entities, accusing Washington of attempting to undermine Venezuela’s sovereign energy sector.
The attack, which PDVSA claimed to have recovered from, forced workers to rely on manual record-keeping as systems remained offline. Multiple sources confirmed that administrative networks were still down days later, leading to the suspension of loading instructions for oil exports. At least four very large crude carriers (VLCCs) scheduled to load crude at Venezuelan ports reversed course, while a Benin-flagged tanker carrying 300,000 barrels of Russian naphtha for PDVSA also diverted to Europe without discharging its cargo.
Despite the disruptions, some tankers including those chartered by Chevron under a U.S. sanctions exemption continued sailing to the U.S. Others departed in "dark mode," navigating with their tracking systems disabled. Venezuela’s oil exports averaged 952,000 barrels per day last month, according to shipping data, though the cyberattack and recent U.S. enforcement actions have added pressure.
The incident follows the U.S. Coast Guard’s seizure of a VLCC carrying 1.85 million barrels of Venezuelan crude, the first such interception since sanctions were imposed in 2019. Tensions between Caracas and Washington have intensified, with Venezuela accusing the U.S. of seeking regime change to control its oil reserves. The U.S. State Department has not commented on the cyberattack allegations.
PDVSA ordered employees to disconnect from corporate systems and restricted access for non-essential workers, while a shipper involved in Venezuelan oil deals confirmed that export operations remained suspended. The attack’s impact extended to Cuba, which relies on Venezuelan oil and is already facing severe power shortages.
PDVSA Petróleos de Venezuela S.A. cybersecurity rating report: https://www.rankiteo.com/company/petroleosdevenezuela
"id": "PET1768616322",
"linkid": "petroleosdevenezuela",
"type": "Ransomware",
"date": "6/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Oil export clients, including '
'Cuba (facing power shortages '
'due to disrupted oil supplies)',
'industry': 'Oil and gas',
'location': 'Venezuela',
'name': 'PDVSA',
'type': 'State-owned oil company'}],
'description': 'Venezuela’s state-owned oil company, PDVSA, suffered a '
'ransomware attack last week, disrupting administrative '
'systems and halting oil cargo deliveries, though production '
'and refining operations remained unaffected. The company '
"blamed the cyberattack on 'foreign interests,' specifically "
'alleging U.S. involvement in coordination with domestic '
'entities, accusing Washington of attempting to undermine '
'Venezuela’s sovereign energy sector.',
'impact': {'operational_impact': 'Halted oil cargo deliveries, manual '
'record-keeping required, suspension of '
'loading instructions for oil exports',
'systems_affected': 'Administrative systems, oil cargo delivery '
'operations'},
'motivation': 'Undermine Venezuela’s sovereign energy sector, alleged regime '
'change efforts',
'references': [{'source': 'Cyber incident description'}],
'response': {'containment_measures': 'Employees ordered to disconnect from '
'corporate systems, restricted access '
'for non-essential workers',
'recovery_measures': 'Claimed to have recovered from the attack'},
'threat_actor': 'Foreign interests (allegedly U.S. and domestic entities)',
'title': 'Venezuela’s PDVSA Hit by Ransomware Attack Amid Escalating U.S. '
'Tensions',
'type': 'Ransomware'}