Security firm Prosegur shuts down operations after ransomware attack

According to ethical hacking specialists, multinational private security firm Prosegur was the victim of a massive ransomware attack that forced the shutdown of operations on its telecommunications platform. The company, based in Spain, acknowledged the incident through a statement published around noon yesterday (local time).

As a security measure, the company decided to restrict communications with its customers, aiming to stop the spread of the infection. Prosegur has made no official statements on the scope of the incident, although according to the specialized platform BleepingComputer, the ransomware affected all the company’s facilities in Europe.

Derecho de la Red, a Spanish website dedicated to cybersecurity issues, claimed hours after the incident that the variant of encryption malware used during the attack on Prosegur was Ryuk, a powerful ransomware arose a couple of years ago. In addition, on this site it is mentioned that the entire network of the company was crippled, so there was no way to work for hours. According to these early versions, the ransomware would have been sent via the Emotet virus, malicious software used in multiple cyberattack variants.

Security firms and ethical hacking specialists reported a recent increase in Ryuk infections in Europe, mainly in Spain. Prosegur did not reveal when the incident was detected, although it is reported that the company’s networks would have been inactive since the early hours of Wednesday local time.

The company released the first official statements after a few hours of the incident detection, which caused the hassle of multiple users still ignoring the attack on Prosegur: “I can’t log in to the user app or connect to the customer website,” the user @bigmickt mentioned via Twitter.

In the first office statement about the incident, the company mentioned: “Prosegur reports that there has been an information security incident in its telecommunications systems. After its detection, the corresponding security protocols were initiated; we will try to establish the necessary measures to restore all our services as soon as possible.”

In the most recent update of the incident, Prosegur acknowledges that this is a Ryuk infection: “We have implemented the strictest security measures to stop the spread of ransomware inside and outside our networks”. Experts in ethical hacking mention that the company’s communications will remain interrupted for an as yet undetermined time. Prosegur is working at forced marches to prevent data loss, the worst-case scenario during such incidents. 

A few weeks ago, ethical hacking specialists from the International Institute of Cyber Security (IICS) reported a similar incident in Everis, a management services firm, as well as at Cadena SER, a major broadcaster in Spain. Both companies were infected with Bitpaymer, another popular variant of ransomware; it is so far unknown whether companies agreed to pay the ransom to hackers or if they re-established their systems from security backups.