Two Major Spanish IT Firm Networks Shut down as a result of Ransomware infecting their network.
Ransomware Strikes Again!
The major Spanish companies which are including radio company Sociedad Española de Radiodifusión and NTT-owned IT services firm Everis have become the latest victims of a targeted ransomware attack.
The attack is said to have started in the early hours of Monday, according to the Spanish daily ABC. Indications are that the ransomware strain that hit Everis is a version of BitPaymer, which has increasingly been used by attackers to lock compromised systems on a breached network.
Both companies have told employees to shut down their computers and disconnect their networks from the Internet.
Ransomware appears to be a variant of the BitPaymer family that is linked to the Dridex malware group, according to security researcher Vitali Kremez and others who analyzed the attack.
2019-07-19: [Newer] 🆕#BitPaymer aka "wp_encrypt" #Ransomware🔒
👁🗨Targeted Manual Deployment
{ arp -a + nslookup + net view } | TAIL & KEY store | Windows Defender Emulator check from @0xAlexei's presentation
ht @osipov_ar
Reference: https://t.co/aBhWOeb1Rk pic.twitter.com/cZ1aL529mn— Vitali Kremez (@VK_Intel) July 19, 2019
Although there is no sign of a ransomware outbreak similar to WannaCry, the two ransomware infections have had a major impact on the local Spanish business scene. Many local companies use Everis software for day-to-day activities, and there were some who feared they might have been infected, choosing to shut down operations to inspect systems.
Although not confirmed, multiple reports suspect that the attackers may have used the BlueKeep vulnerability to remotely compromise the servers of the company.