Government issues general warning amid speculation about targeted attack

Spanish radio broadcaster Cadena SER and NTT-owned managed services firm Everis have become the latest victims of a targeted ransomware attack.

Both companies responded to the assault, which struck in the early hours of Monday morning, by asking workers to shut down computers and disconnect systems from the internet.

Cadena SER – Spain’s oldest radio network – confirmed the malware outbreak through a notice (en Castellano) on its website, without saying what strain of ransomware might have hit it.

Meanwhile, screenshots posted on social media, supposedly by employees of Everis, a Madrid-based consultancy with 24,000 employees globally, suggest that a variant of either the iEncrypt or BitPaymer ransomware had hit its business. This remains unconfirmed.

Anecdotal evidence suggests the ransomware has affected overseas branch offices of Everis, including its operations in Peru.

As outlined by security firm Symantec, BitPaymer is a strain of malware that encrypts files on compromised PCs before demanding a payment to unlock them.

The ransomware is distributed through either compromised RDP, fake updates, or emails. It is usually associated with targeted attacks rather than “spray and pray” tactics.

Read more of the latest ransomware news from The Daily Swig

The Spanish government put out an alert on Monday that cited the Cadena SER breach in warning other Spanish businesses to be wary of ransomware attacks.

Incibe, the Spanish government’s lead cybersecurity agency, offers advice for local organizations on how to respond to attacks of this nature.

Spain is no stranger to ransomware outbreaks. For example, Telefonica was badly hit by the WannaCry outbreak in 2017 that had an even more severe effect on the UK’s National Health Service.

YOU MIGHT ALSO LIKE Spanish police arrest three in $11.9m phishing scam probe