Photograph of the Madrid skyline on an overcast day.
Enlarge / Spanish broadcaster SER was hit by a ransomware assault on the morning of November 4, 2019, as was Spanish tech providers agency Everis.

A focused ransomware assault has taken down the networks of at the very least two firms in Spain at the moment, sending ripples throughout different firms as they moved to defend themselves. The targets included Everis—a serious IT providers and consulting subsidiary of Japan-based international communications firm NTT—and the radio firm Sociedad Española de Radiodifusión (Cadena SER). A technician at one firm informed Spanish broadcaster ABC, “We are in hysteria mode.”

Some different firms—together with Spanish airport operator Aena—took down some of their providers as a precautionary measure. They did so partly as a result of Everis has workers on website at many Spanish companies. But the assault could have affected different firms as properly, although no others have publicly acknowledged the ransomware.

The ransomware seems to be a variant of the BitPaymer household that’s linked to the Dridex group of malware, in accordance with safety researcher Vitali Kremez and others who’ve analyzed the assault.

A screenshot of the notice delivered by the ransomware, posted by Spanish cryptocurrency information website Bitcoin.es, reveals the hallmarks of a BitPaymer marketing campaign.

The ransomware note delivered to Everis.

The ransomware notice delivered to Everis.

In July, researchers on the endpoint safety firm Morphisec famous that Dridex was getting used to ship a BitPaymer variant in a marketing campaign that had focused a provide chain service supplier with a view to assault the supplier’s clients. As Ars reported final week, managed service suppliers have been more and more focused by ransomware operators—together with the October 22 BitPaymer assault on billing service supplier Billtrust.

Spain’s Department of National Security (DSN) reported the assault on SER however supplied few particulars. “Following the protocol established in cyber attacks, the SER has seen the need to disconnect all its operating computer systems,” a DSN spokesperson stated. The radio community continues to function from Madrid, whereas technicians at native stations work on restoring programs in collaboration with Spain’s National Institute of Cybersecurity (INCIBE).

You can change your languageen English
X
>

This menu is coming soon!

Story

Write Story or blog.

Image

Upload Status or Memes or Pics

Video

Upload videos like vlogs.

More Formats

Coming Soon!

My Style

Your profile's Look

My Followers

People who follow you

My Interests

Your Posts Preference

My Bookmarks

Bookmarked Posts

My Following

People you follow

Settings

Your profile's Settings

Logout

Log out of Rapida

Sign In

Login to your Rapida Account

Register

Create account on Rapida