Spanish security firm Prosegur disclosed on Wednesday, Nov 27, that it had suffered a ransomware attack that impacted its telecommunication network. The security incident prompted the company to shut down its IT system to prevent possible malware propagation.
In a statement, the multinational security company said it had taken “maximum security measures” to prevent the spread of the ransomware, which it identified as the notorious Ryuk.
“Prosegur reports that the incident detected today corresponds to a generic attack, caused by the Ryuk ransomware. The company has enabled maximum security measures to prevent the spread both internally and externally of the virus,” the company said in a tweet.
To date, all Prosegur services are reported to be temporarily offline. So far, the company has not revealed when exactly the incident was detected or how far the ransomware had spread. However, UK security researcher Kevin Beaumont told ZDNet that the first reports of the ransomware attack came in before 6 in the morning.
The incident follows a similar security event that impacted Spain’s NTT DATA company, Everis, earlier this month. The ransomware used in that attack was called Bitpaymer.
Founded in 1976, Prosegur is a multinational security company headquartered in Madrid, Spain. To date, the firm stands as one of the key players in providing armored vehicles for cash transport between banks and automatic teller machines (ATMs), retailers, and other businesses.
The company now employs around 170,000 people and operates in Europe, the USA, Latin America, and the Asia Pacific region.
Ryuk, the ransomware that impacted the firm, is operated by the sophisticated eCrime group WIZARD SPIDER. It is notorious for targeting US state and local governments for high-ransom returns.
In November alone, Ryuk was reported to have impacted 400 veterinary hospitals and a Virtual Care Provider.
“It is a malware of the ransomware type that acts on the vulnerability of the office automation components of the PCs, encrypting all the files and those of the network units to which they are connected, and infecting the rest of Windows systems that are in that same network,” the country’s Department of Homeland Security explained in a blog post dated Nov 4.
“After installing on the computer, it blocks access to the files of the affected computer and asks for a rescue. The infection path appears to be a file attached to an email. It does not compromise data security nor is it a data leak,” the post added.
To date, although Prosegur has already recovered most of its website, it is still working to resolve the impact caused by the ransomware, especially on its media page.