Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network

Posted by & filed under Security Alerts.

In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.

The company restricted communications with its customers to avoid malware propagation.

According to Derecho de la Red, the malware strain used in the attack is Ryuk, delivered via Emotet. The Spanish website also confirmed that the entire company network was down today and employees were sent home.

It is unclear when Prosegur detected the incident, but some reports occurred before 6 a.m. (GMT+1), with some sources saying that the company network became unavailable around four in the morning, local time, and it is still down at the moment of writing.

Some users on Twitter criticized the company for delaying the release of a statement and providing too little information about what happened.

Below is the official statement from the company in English.The same announcement was delivered in Spanish by the company over Twitter.

This incident follows a similar one at the beginning of the month that impacted Everis, one of the largest managed service providers (MSP) in Spain and SER, the country’s largest radio network. The ransomware used in that attack was Bitpaymer.

Update [11/27/2019, 15:25 EST]: In an update on Twitter, Prosegur confirmed that the malware causing the disruption of its services is Ryuk, labeling the incident a “generic attack.”

The company says that it took maximum security measures to stop the malware from spreading internally and to the networks of its clients.

As a precaution, the company continues to restrict communications until it makes certain that its systems are clean and is currently working to restore affected services at the fastest rate possible.

 

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.