View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 4, 2019updated 11 Jul 2022 9:12am

BREAKING – Spanish Businesses Hit by Wave of Ransomware Attacks

Numerous companies hit, ransomware details not yet known

By CBR Staff Writer

UPDATED 13:50 BST 4/11/19 with more details, government comment.

Spain has been hit by a wave of ransomware attacks today, with NTT
Data-owned Everis – a major IT consultancy  – and national radio station SER among those reported to be affected.

Embarrassingly for Everis, it apparently offers its own “seamlessly integrated” cybersecurity services, including “security auditing, pentesting, vulnerability analysis and any other service focused on the proactive identification of vulnerabilities and weaknesses.”

The company has yet to respond to requests for comment.

“We are in hysteria mode” a technician from one of the companies hit told Spanish news media this afternoon.

The specific type of ransomware payload or the vulnerability they are exploiting have not yet been reported, but has various been named as Ryuk and Bitpaymer. Speculation is rife that the attack involves the exploitation of the so-called Bluekeep vulnerability, after an explosion of Bluekeep malware was detected over the weekend.

Spain’s largest radio station SER (Sociedad Española de Radiodifusión) confirmed it had been hit in a statement this afternoon saying it had suffered an attack “of the ransomware type… which has had a serious and widespread effect on all of all its computer systems.”

UPDATED 14:35 BST 4/11/19 with Aena comment. 

Major airport operator Aena confirmed to Computer Business Review that it categorically had not been impacted by the attacks, but had just taken precautionary measures to protect its networking systems. Despite reports to the contrary, Accenture also insisted it had not been affected.

SER, meanwhile, is being “kept running by its headquarters in Madrid, supported by autonomous teams”, the company said in a Spanish language statement.

The technicians are already working for the progressive recovery of the local programming of each of their stations.”

The country’s Department of Homeland Security played down the attacks, saying in an otherwise detail-free blog post that “this type of attack occurs quite frequently. In 2016, the National Cybersecurity Institute handled some 2,100 similar incidents…

“It does not compromise data security nor is it a data leak.”

The department confirmed SER had been hit and that it was a ransomware attack: “The infection path appears to be a file attached to an email (” La vía de infección parece ser un fichero adjunto a un correo electrónico”). 

Read this: BlueKeep Malware Lands, Spawns, Vanishes Abruptly

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.