Spanish security firm hit by Ryuk ransomware

Prosegur reports information security incident now contained

A multinational Spanish security company is reported to have a been infected with ransomware this week, impacting its telecommunications platforms and customers worldwide.

Prosegur, a firm specializing in logistics and operations, stated on Wednesday (November 27) that a “security information incident” had forced the company to take precautions to limit any spread of infection.

This included activating its standard security protocols and restricting communications with customers, Prosegur said.

The Daily Swig has reached out to the company to confirm whether its systems are back up and running following the outbreak, which was later identified as the Ryuk ransomware strain.

“Prosegur reports that the incident detected today corresponds to a generic attack, caused by the RYUK ransomware,” the firm said in a statement published over Twitter.

“The company has enabled maximum security measures to prevent the spread both internally and externally of the virus.”

Ransomware – malware that encrypts files until a fee is paid – remains one of the biggest threats to organizations, despite a lull in consumer detections during the Q3 period of 2018.

Cybercriminals, Europol noted in its 2019 Internet Organized Crime Threat Assessment (IOCTA) report, have increasingly turned to targeting businesses and more precise targeting for greater return on investment.

A prevalence of ransomware-as-a-service has also attributed to the number of attacks hogging the headlines over the last year, but equally prompted awareness through campaigns such as the No More Ransom project.

Spain itself has experienced its fair share of ransomware incidents, including earlier this month on radio broadcaster Cadena SER and NTT-owned managed services firm Everis.

The news prompted the Spanish government to issue a warning (in Spanish) about about ransomware attacks. It reported that the country’s National Cybersecurity Institute handled 2,100 similar incidents in 2016 alone.

According to security researcher Kevin Beaumont (aka @GossiTheDog), Prosegur still has none of their “basic services” in operation as of today (November 29).

“Governments need to put more focus on the various big game ransomware people,” he said.

YOU MIGHT ALSO LIKE Ransomware still dominates the cyber threat landscape in 2019 – Europol report