{"id":617,"date":"2019-11-06T08:06:50","date_gmt":"2019-11-06T08:06:50","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=617"},"modified":"2020-10-08T05:28:29","modified_gmt":"2020-10-08T04:28:29","slug":"targeted-ransomware-attacks-hit-several-spanish-companies","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/targeted-ransomware-attacks-hit-several-spanish-companies\/","title":{"rendered":"Targeted Ransomware Attacks Hit Several Spanish Companies"},"content":{"rendered":"
\"everis<\/a><\/div>\n

Everis<\/b>, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems until the issue gets resolved completely.<\/p>\n

Ransomware is a computer virus that encrypts files on an infected system until a ransom is paid.<\/p>\n

According to several local media, Everis informed its employees about the devastating widespread ransomware attack, saying:<\/p>\n

“We are suffering a massive virus attack on the Everis network. Please keep the PCs off. The network has been disconnected with clients and between offices. We will keep you updated.”<\/p><\/blockquote>\n

 <\/p>\n

“Please, urgently transfer the message directly to your teams and colleagues due to standard communication problems.”<\/p><\/blockquote>\n

According to cybersecurity consultant\u00a0Arnau Estebanell Castellv\u00ed<\/a>, the malware encrypted files on Everis’s computers with an\u00a0extension name<\/a>\u00a0resembling the company’s name, i.e., “.3v3r1s<\/b>,” which suggests the attack was highly targeted.<\/p>\n

At this moment, it’s unknown which specific ransomware family was used to target the company, but the attackers behind the attack reportedly demanded \u20ac750,000\u00a0(~USD 835,000) in ransom for the decryptor, a company insider\u00a0informed<\/a>\u00a0bitcoin.es site.<\/p>\n

However, considering the highly targeted nature of the attack, the founder of VirusTotal in a tweet\u00a0suggests<\/a>\u00a0the type of ransomware could be\u00a0BitPaymer<\/b>\/IEncrypt<\/b>, the same malware that was recently found exploiting a\u00a0zero-day vulnerability<\/a>\u00a0in Apple’s iTunes and iCloud software.<\/p>\n

Here’s the ransomware\u00a0message<\/a>\u00a0that was displayed on the screens of the infected computers across the company:<\/p>\n

Hi Everis, your network was hacked and encrypted.<\/i>
\nNo free decryption software is available on the web.<\/i>
\nEmail us at sydney.wiley@protonmail.com or evangelina.mathews@tutanota.com to get the ransom amount.<\/i>
\nKeep our contacts safe.<\/i>
\nDisclosure can lead to the impossibility of decryption.<\/i><\/p><\/blockquote>\n

What’s more?<\/b>\u00a0It seems like Everis is not the only company that suffered a ransomware attack this morning.<\/p>\n

Some other Spanish and European companies have reportedly also been hit by a similar ransomware malware during the same period, of which the national radio network\u00a0La Cadena SER<\/b>\u00a0has\u00a0confirmed<\/a>\u00a0the cyber attack.<\/p>\n

“The SER chain has suffered this morning an attack of a computer virus of the ransomware type, file encrypter, which has had a serious and widespread affectation of all its computer systems,” the company said.<\/p><\/blockquote>\n

 <\/p>\n

“Following the protocol established in cyberattacks, the SER has seen the need to disconnect all its operating computer systems.”<\/p><\/blockquote>\n

The company has also informed that its “technicians are already working for the progressive recovery of the local programming of each of their stations.”<\/p>\n

At the time of writing, it’s unclear if the hackers behind these ransomware attacks are the same, how the malware infiltrated the companies in the first place and did it contain wormable capabilities to successfully spread itself across the network.<\/p>\n

Though it’s unconfirmed, some people familiar with the incident also suspect attackers might have used the\u00a0BlueKeep RDP vulnerability<\/a>\u00a0to compromise the company’s servers, whose\u00a0first mass exploitation<\/a>\u00a0activity was spotted in the wild just yesterday in a separate campaign.<\/p>\n

The Hacker News is in contact with some of the targeted company’s employees and will update you with more information about the incident shortly.<\/p>\n

Meanwhile, the Spanish Department of Homeland Security has also\u00a0issued a warning<\/a>\u00a0about the ongoing cyber attack and recommended users to follow basic security practices like keeping their systems updated and having a proper backup of their important data.Some other Spanish and European companies have reportedly also been hit by a similar ransomware malware during the same period, of which the national radio network\u00a0La Cadena SER<\/b>\u00a0has\u00a0confirmed<\/a>\u00a0the cyber attack.<\/p>\n

“The SER chain has suffered this morning an attack of a computer virus of the ransomware type, file encrypter, which has had a serious and widespread affectation of all its computer systems,” the company said.<\/p><\/blockquote>\n

 <\/p>\n

“Following the protocol established in cyberattacks, the SER has seen the need to disconnect all its operating computer systems.”<\/p><\/blockquote>\n

The company has also informed that its “technicians are already working for the progressive recovery of the local programming of each of their stations.”<\/p>\n

At the time of writing, it’s unclear if the hackers behind these ransomware attacks are the same, how the malware infiltrated the companies in the first place and did it contain wormable capabilities to successfully spread itself across the network.<\/p>\n

Though it’s unconfirmed, some people familiar with the incident also suspect attackers might have used the\u00a0BlueKeep RDP vulnerability\u00a0to compromise the company’s servers, whose\u00a0first mass exploitation\u00a0activity was spotted in the wild just yesterday in a separate campaign.<\/p>\n

The Hacker News is in contact with some of the targeted company’s employees and will update you with more information about the incident shortly.<\/p>\n

Meanwhile, the Spanish Department of Homeland Security has also\u00a0issued a warning\u00a0about the ongoing cyber attack and recommended users to follow basic security practices like keeping their systems updated and having a proper backup of their important data.<\/p>\n","protected":false},"excerpt":{"rendered":"

Everis, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company<\/p>\n","protected":false},"author":1,"featured_media":618,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[37],"tags":[],"yst_prominent_words":[440,433,441,444,443,448,435,430,437,449,446,436,431,438,447,434,439,442,445,432],"class_list":["post-617","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackers-news"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=617"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/617\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/618"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=617"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}