November 28, 2019, updated 11 Jul 2022 4:14am

Prosegur Hacked: Spanish SOC Provider Hit by Ryuk Ransomware

"Maximum security measures" enabled

By CBR Staff Writer

Spanish security firm Prosegur confirmed today that it has been hit by a ransomware attack. The company — which employs 170,000 staff globally and runs six security operations centres (SOCs) among other services — said it has been hit by the Ryuk malware and is working to contain the incident.

The attack comes less than a month after Spain’s Everis (an NTT Data subsidiary which also provides a wide range of cybersecurity services globally) was shut down by a ransomware attack, one of several to strike Spain this month, with a leading broadcaster also hit early in November.

All Prosegur services are reported to be temporarily offline. It was not immediately clear how far the ransomware had spread.

Prosegur reported revenues of over €3 billion in 2018. It is active in 25 countries with services across four key segments (see below).


Prosegur Hacked

According to Derecho de la Red, as reported by Bleeping Computer, the malware was delivered via Emotet. The Spanish website also confirmed that the entire company network was down and employees sent home.

(Confidence in Prosegur’s services is unlikely to be bolstered by the fact that it has let an SSL certificate expire, with visitors to its website being served a security alert right above the corporate slogan “security you can trust.”)

A response to the Everis attack early in November raised concerns about the efforts Spain’s cybersecurity authorities are taking to help underpin security measures across the country’s businesses (both Prosegur and Everis, as cybersecurity service providers, should not, arguably, require the help).

The country’s Department of Homeland Security said in a breezy November 4 blog post that “this type of attack occurs quite frequently. In 2016, the National Cybersecurity Institute handled some 2,100 similar incidents…

“It does not compromise data security nor is it a data leak.”

Ryuk is specifically used to target enterprise environments, Crowdstrike notes, with code comparison between versions of Ryuk and Hermes ransomware indicating that Ryuk was derived from the Hermes source code and has been under steady development since its release.

“Hermes is commodity ransomware that has been observed for sale on forums and used by multiple threat actors. Since Ryuk’s appearance in August, the threat actors operating it have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98 USD” the security firm says.

Scores of companies across Europe have been burned by ransomware attacks this year, including a leading provider of forensic services to the Metropolitan police, a Norwegian aluminium producer and a Finnish oil company.
