

Venezuela’s state-owned oil company, Petróleos de Venezuela S.A. (PDVSA), faced a major ransomware cyberattack detected days before December 15, 2025, severely disrupting its centralized administrative systems. Although PDVSA publicly insisted that oil production, refining, and domestic fuel distribution remained operational thanks to isolated security protocols, the incident halted all oil cargo deliveries, stranding millions of barrels on tankers bound for export markets.
Company sources revealed to Reuters that antivirus remediation efforts inadvertently crashed the entire administrative network, forcing employees to revert to handwritten logs amid total system downtime. PDVSA issued urgent memos directing staff to power off computers, disconnect external devices, disable Wi-Fi and Starlink connections, and bolster physical security at facilities. The company’s website stayed offline for days, underscoring the breach’s scope.
PDVSA and Venezuelan officials blamed “U.S.-orchestrated aggression” by foreign interests allied with domestic extremists, framing it as an assault on national energy sovereignty to seize oil resources, echoing recent U.S. tanker seizures amid sanctions. According to experts, no evidence linked the U.S. government to the attack, and the timing aligned with escalating geopolitical tensions involving China, Russia, Iran, and Cuba.
By December 17, PDVSA reported resuming limited tanker loadings after segregating field, refinery, and port operations from the compromised central systems, declaring exports normalized despite lingering effects. This event highlights vulnerabilities in energy sector IT infrastructure, blending cyber threats with hybrid geopolitical warfare.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.