2 Ransomware Attacks Reported in SpainRadio Network, Consultancy Are Targeted
In two separate incidents on Monday, ransomware crippled the systems of a radio network and a major consulting firm in Spain, news portal Bitcoin.es reports.
Radio network ACadena SER and consultancy Everis, which offers outsourcing, were attacked during the early hours on Monday, acccording to Bitcoin.es. In both cases, employees were unable to access their files.
In a notice to its employees, Everis acknowledges it suffered a ransomware attack. It directed its employees to turn off their computers and took down its internal networks to contain the infection.
Cadena SER gave out similar instructions and said its security team is working to recover its files.
"The SER chain has suffered this morning an attack of a computer virus of the ransomware type, file encrypter, which has had a serious and widespread affectation of all its computer systems," Cadena SER said in an update on Monday. "Following the protocol established in cyberattacks, SER has seen the need to disconnect all its operating computer systems."
It's not yet clear if the same actor is behind both attacks.
Bitcoin.es reports that sources say the attacker demanded $836,000 ransom from Everis for decrypting the files.
"We're continuing to see geopolitical tension evolve in cyberspace, and these latest cyberattacks on Spain are a digital manifestation of the Catalonian independence movement," Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, tells Information Security Media Group.
Following the attack, a ransom note sent to Everis was widely shared on Twitter. BleepingComputer reports that the ransom strain involved apparently was BitPaymer.
According to security researchers at Symantec, who did the first in-depth study of the BitPaymer in July, the Trojan encrypts files on a victim's computer before demanding a ransom.
In October, Billtrust, a cloud-based, business-to-business payment provider was hit by ransomware suspected as being BitPaymer (see: Report: Billtrust Recovering From Ransomware Attack ).
In another instance during the same month, the German-based automation tool manufacturer Pilz suffered a ransomware attack that ZDNet reported also involved BitPaymer.