At least two companies in Spain have suffered a cyber attack that has locked their computer systems from the early hours of Monday. The String to BE and Everis, a technological consulting firm, are the two known victims of the attack. All day Monday, other companies came out to deny that they had suffered a cyber attack. The Incibe is the body responsible for the cybersecurity of private enterprises in spain, has not given details yet about the number of people affected or the characteristics: “it Is confidential information,” he told this newspaper.
According to has been able to confirm THE COUNTRY of sources of the self, the virus implicated in the attack is Ryuk, the same that attacked the Town of Jerez on the 27th of September. Ryuk is a ransomware program that encrypts files of the victims and calls for a bailout to allow their recovery. Ryuk appeared in August of 2018 and is managed by a Russian group called Grim Spider, according to the consultancy firm Crowdstrike. Until January of 2019 had achieved € 3.5 million in 52 transactions. “They are industry professionals, with years dedicated to the banking fraud,” says a cybersecurity expert.
Message that it has stopped the virus Ryuk in the chain to BE.
Cajamar and ING have refused to this newspaper who have been victims of any cyber attack, despite having admitted problems in their lines of communication, reports Íñigo de Barrón . The insurer Mapfre also has refused and has insisted that they have their teams ready for if it arrives a new wave. KPMG and Accenture have also come out publicly to dispel various pieces of information that entailed.
Incibe has been the only entity that has admitted to its official form of the attack: “we Work in the mitigation and recovery of the incident in coordination with the affected companies,” he said in a public statement.
The String to BE detected the attack at about 2 in the morning. “Since then we have focused on preserving the broadcast, what we have achieved,” say sources in the direction of the station. The company alerted the public bodies concerned, which confirmed that the attack was not responding to political connotations. “Part of the cyber crime the use, and it is an attack on european companies”, say the same sources. The chain asked its workers not to use any computer equipment of the company or the wifi network to connect to the Internet.
In the BE not have received the message of extension “.txt” that calls the rescue, as usual in the attacks of Ryuk. There is therefore a financial amount linked to the attack. Yes there was a file with the name of the virus and a mail account. It is usual that Grim Spider calculate the reward that you want to receive according to the size and value of the firm victim.
despite the fact that you only know the name of two companies victims of the attack, it is very likely that there is more affected that prefer not to be identified, hence the caution of the Incibe. “It’s an attack rather massive”, they have indicated the sources of the BE to this newspaper. It is possible that in the next few days appear to be new cases or that the Incibe end up giving a figure more complete in the number of people affected.
A tele French, also a victim
last October 14th, the French tv channel M6, the largest private group in the country, was also the victim of an attack of ransomware during a weekend. As the SER, the radio station managed to stay on direct in its ten channels of television and radio. Not had the same luck and The Weather Channel, the channel american dedicated to time, which disappeared from antenna during hour and a half in the past month of April due to an attack of ransomware.