Ransomware: Cadena Ser and Everis computer systems seriously affected by this malware
It has become known that the companies Cadena Ser and Everis have been hit by ransomware that has forced them to halt their activity.
Computer security is not foolproof and there are many security holes, the first being users. In May 2017, the WannaCry ransomware devastated the world with hundreds of infections. This has now been repeated on a smaller scale, affecting, as far as is known, the Cadena Ser and Everis systems. The systems have been encrypted and a ransom is demanded in Bitcoin.
Ransomware is a type of malware that encrypts system files and requires a key to recover the data. The attackers normally ask for a ransom in cryptocurrencies, mainly Bitcoin. This type of malware also spreads very easily across the local network, infecting all the systems on it.
Cadena Ser and Everis affected by a ransomware
Everis has reportedly sent some of its workers home while it solves the problem. It has also kept all systems that were already shut down switched off to avoid infection. Cadena Ser has suffered more from this attack, highlighting in its statement that: "It has had a serious and widespread impact on all its computer systems."
Cadena Ser and Los 40, which share facilities, have reported the problem on social networks. The station has published a statement indicating that: "it has been necessary to disconnect all its computer systems." The Madrid headquarters has been shut down in autonomous teams. In addition, experts are already working on recovering the systems and returning to normality.
In response to the incident, Everis is preventing systems from being turned on and sending workers home. Affected systems display a black screen stating that the damage can only be reversed if a ransom is paid. The screen requires that an email address be entered, where the amount of money to be paid in Bitcoin will be provided.
Other known cases?
It is unknown at this time whether more companies in Spain have been affected. Several rumors point to other companies, such as the consulting firm KPMG, although they have denied it on social networks.
Accenture confirms on Twitter that they have not been affected
How would the infection have occurred?
Information is very scarce, but this type of infection usually has a human origin. Through a mistake or carelessness, a user downloads an infected file that has arrived by email, and the malware then spreads through the network. This would be how the first major infection of this type, which affected Telefónica in May 2017, began.
INCIBE statement
The National Cybersecurity Institute (INCIBE) has a guide to action against these security problems. They have also released the following statement:
As a response team to cybersecurity incidents, CERT, a reference in cybersecurity for private companies, we are currently working on mitigation and recovery of the incident in coordination with the affected companies and the cybersecurity companies that support them, as part of our usual operations. In the same way, we are in permanent coordination with the rest of the national public organizations to support us in the ongoing investigation.
News in development ...