Data Security

Spain under massive ransomware attack; multiple companies affected

Digital forensics specialists reported a massive ransomware campaign that has infected the networks of some major companies in Spain, including broadcaster Cadena SER and consulting firm Everis. According to reports, the attacks have been serious enough to deeply affect operations in both organizations, which report multiple outages and system failures.

Listeners even noticed the failures in the broadcaster’s IT systems and began reporting the problem via Twitter. The company subsequently posted a statement on its official website, mentioning: “We have made the decision to disconnect all our operating computer systems. The broadcast will continue uninterrupted through the headquarters in Madrid; our IT team is already working on restoring activities and retrieving compromised information.”

As reported by digital forensics experts, as well as some local media, the company has already started an incident recovery plan; part of this plan involves measures that all employees of the company must comply with, such as:

  • Do not use PRISA computer equipment (including laptops and desktop PCs)
  • For no reason should employees access any internal WiFi network
  • In case an employee needs to access their Outlook 365 email account, they must do so from a computer or mobile device that is not connected to the company’s networks

Everis employees, for their part, have been instructed not to connect to the company’s internal networks, and they will need to keep their devices turned off, at least for now. In some areas of the company, activities were completely interrupted, so employees were sent back home.

A screenshot showing the ransom note

According to reports from digital forensics experts, only a black screen with the hackers’ ransom note appears on the computers compromised during this incident. In the message, the attackers claim that there is no tool available to decrypt this ransomware, so victims will have to pay the demanded ransom.

Although there is still no official news of other victims of this attack, local media report that other companies, such as KPMG and Accenture, may have been affected as well. Both companies have already issued statements mentioning that so far there are no indications of any ransomware infection on their systems.

Each company is responsible for the way it addresses a cybersecurity incident. However, digital forensics specialists from the International Institute of Cyber Security (IICS) recommend never paying the ransom to hackers, as there is nothing that ensures that threat actors will honor their part of the deal and hand over the keys to remove encryption from the affected devices. Another key recommendation is to report such crimes to the competent authorities; otherwise the authorities would have no evidence to try a criminal in the event of an arrest.
