Site icon Sophos News

Ransomware attacks in Spain leave radio station in “hysteria”

A ransomware attack has ransacked at least two Spanish companies, leaving their employees without computer access.

The ransomware hit radio broadcaster Sociedad Española de Radiodifusión (Cadena SER), which released a statement about the attack. The company said that it was maintaining its radio service from its Madrid headquarters with the help of autonomous teams. A technician there said that the company was in “hysteria mode”, according to local media.

Local press also reported that the Radio Systems Department at SER’s parent company PRISA issued a circular to staff which reads (translated):

We are immersed in a computer security incident. It is mandatory to comply with the following guidelines:

  • Under no circumstances can PRISA computer equipment be used (neither desktops nor laptops)
  • Under no circumstances can the Wi-Fi network be accessed.

There is no problem in using Outlook 365 email from your mobile phone and from private computers (desktops or laptops) and connecting to your One Drive, Share Point applications…

Please extend this statement to all your colleagues. We will keep you updated with any news.

The ransomware also hit IT services and consulting company Everis, which is a subsidiary of Japanese telco NTT. It came with a €750,000 ransom demand, according to Spanish site bitcoin.es.

Both companies have reportedly warned staff to switch off computers.

Although media reports to the contrary, both KPMG and Accenture confirmed they had not been hit with ransomware or cyberattacks. Spanish airline AENA said that it was taking preventative measures but had also not been affected by the ransomware.

Reports varied as to the nature of the malware. An advisory from the Spanish CERT said that it had been delivered via a file attached to an email.

Spain’s INCIBE-CERT said that it was helping affected companies mitigate and recover from the incident.

LEARN MORE ABOUT THIS ATTACK

Ransomware section starts at 19’06”.
Click-and-drag on the soundwaves below to skip ahead in the podcast.

How to protect yourself from ransomware

For more advice, please check out Sophos’s END OF RANSOMWARE page.

Exit mobile version