According to ethical hacking specialists, multinational private security firm Prosegur was the victim of a massive ransomware attack that forced the shutdown of operations on its telecommunications platform. The company, based in Spain, acknowledged the incident through a statement published around noon yesterday (local time).
As a security measure, the company decided to restrict communications with its customers, aiming to stop the spread of the infection. Prosegur has made no official statements on the scope of the incident, although according to the specialized platform BleepingComputer, the ransomware affected all the company’s facilities in Europe.
Derecho de la Red, a Spanish website dedicated to cybersecurity issues, claimed hours after the incident that the variant of encryption malware used during the attack on Prosegur was Ryuk, a powerful ransomware that emerged a couple of years ago. The site also reports that the company's entire network was crippled, leaving staff unable to work for hours. According to these early reports, the ransomware was reportedly delivered via the Emotet virus, malicious software used in multiple cyberattack variants.
Security firms and ethical hacking specialists reported a recent increase in Ryuk infections in Europe, mainly in Spain. Prosegur did not reveal when the incident was detected, although the company’s networks have reportedly been inactive since the early hours of Wednesday local time.
The company released its first official statements a few hours after the incident was detected, which frustrated multiple users who were still unaware of the attack on Prosegur: “I can’t log in to the user app or connect to the customer website,” the user @bigmickt mentioned via Twitter.
In the first official statement about the incident, the company mentioned: “Prosegur reports that there has been an information security incident in its telecommunications systems. After its detection, the corresponding security protocols were initiated; we will try to establish the necessary measures to restore all our services as soon as
In the most recent update on the incident, Prosegur acknowledges that this is a Ryuk infection: “We have implemented the strictest security measures to stop the spread of ransomware inside and outside our networks”. Experts in ethical hacking mention that the company’s communications will remain interrupted for an as yet undetermined time. Prosegur is working around the clock to prevent data loss, the worst-case scenario during such incidents.
A few weeks ago, ethical hacking specialists from the International Institute of Cyber Security (IICS) reported a similar incident at Everis, a management services firm, as well as at Cadena SER, a major broadcaster in Spain. Both companies were infected with Bitpaymer, another popular variant of ransomware; it is so far unknown whether the companies agreed to pay the ransom to the hackers or restored their systems from security backups.