
Spanish companies’ networks shut down as result of ransomware, Ars Technica



Sing Me Spanish Crypto

             

Apparent BitPaymer variant strikes major IT consulting company, radio network.

      


  

        

Photograph of the Madrid skyline on an overcast day.

Spanish broadcaster SER was hit by a ransomware attack on the morning of November 4, 2019, as was Spanish tech services firm Everis.

A targeted ransomware attack has taken down the networks of at least two companies in Spain today, sending ripples across other companies as they moved to defend themselves. The targets included Everis — a major IT services and consulting subsidiary of Japan-based global communications company NTT — and the radio company Sociedad Española de Radiodifusión (Cadena SER). A technician at one company told Spanish broadcaster ABC, “We are in hysteria mode.”

Some other companies — including Spanish airport operator Aena — took down some of their services as a precautionary measure. They did so in part because Everis has staff on site at many Spanish corporations. But the attack may have affected other companies as well, though no others have publicly acknowledged the ransomware.

The ransomware appears to be a variant of the BitPaymer family that is connected to the Dridex group of malware, according to security researcher Vitali Kremez and others who have analyzed the attack.

A screenshot of the note delivered by the ransomware, posted by Spanish cryptocurrency news site Bitcoin.es, shows the hallmarks of a BitPaymer campaign.

The ransomware note delivered to Everis.


2019-07-19: [Newer] 🆕 #BitPaymer aka “wp_encrypt” #Ransomware 🔒
GetTargeted Manual Deployment
{arp -a nslookup net view} | TAIL & KEY store | Windows Defender Emulator check from @0xAlexei’s presentation
ht @osipov_en
Reference: https://t.co/aBhWOeb1Rk pic.twitter.com/cZ1aL529MN

– Vitali Kremez (@VK_Intel), July 2019

In July, researchers at the endpoint protection company Morphisec noted that Dridex was being used to deliver a BitPaymer variant in a campaign that had targeted a supply chain service provider in order to attack the provider’s customers. As Ars reported last week, managed service providers have been increasingly targeted by ransomware operators – including the October 22 BitPaymer attack on billing service provider Billtrust.

Spain’s Department of National Security (DSN) reported the attack on SER but provided few details. “Following the protocol established in cyber attacks, the SER has seen the need to disconnect all its operating computer systems,” a DSN spokesperson said. The radio network continues to operate from Madrid, while technicians at local stations work on restoring systems in collaboration with Spain’s National Institute of Cybersecurity (INCIBE).

                                 

                  
