Mexico’s state-owned oil company is facing a cyber attack that is believed to have targeted its billing systems, according to media reports. The hackers claiming responsibility for the attack are demanding that Pemex pay 565 bitcoins, or the equivalent of about $5 million.

Pemex discovered the ransomware attack over the weekend at its headquarters in Mexico City, which prompted it to shut down computer networks across the country. Systems most affected involved those used to issue payments to employees and suppliers.

The attack has forced the integrated oil company to revert to manual invoicing for its fuel deliveries from storage terminals to gasoline stations. Reports also say that Pemex employees, from its upstream units to its downstream units, continue to be unable to access email, company networks, or telephone lines. Some business units are apparently unable to access the internet as well.

The ripple effect of the payment disruption could extend beyond retail fuel and impact global trading companies and service firms. Pemex is attempting to recover by wiping infected computers and installing software patches.

A screen shot of the apparent ransom note written by the hackers behind the recent Pemex cyberattack.

Reuters is among those that have seen the ransom note. When the news agency emailed the apparent hackers, the response was that Pemex had already missed the first deadline to pay a discounted ransom. The company has until 30 November to pay the bitcoin ransom.

Pemex issued a statement this week saying that it will not pay the ransom. In a statement, the company said its wells and plants continue to operate as normal and that fuel supplies are “guaranteed.”

Pemex also said that it quickly “neutralized” the attack and contained it to less than 5% of its personal computers. “The oil community and society are invited to avoid rumors that damage the image of the company,” the statement read.

The cyber attackers used a well-documented malware, according to the cybersecurity firm Crowdstrike. The malware has been used previously to attack the networks of a small south Texas city and Chile’s Ministry of Agriculture.

Ransomware attacks are among the most common and involve locking individual users or an entire company out of key systems until a sum of money is paid to the infiltrator. In many cases, if a deadline is not met, users are locked out indefinitely or have their files deleted. The oil and gas industry is among the most targeted businesses in the world by both individual hackers and state-sponsored hacking groups.