A ransomware attack has ransacked at least two Spanish companies, leaving their employees without computer access.
The ransomware hit radio broadcaster Sociedad Española de Radiodifusión (Cadena SER), which released a statement about the attack. The company said that it was maintaining its radio service from its Madrid headquarters with the help of autonomous teams. A technician there said that the company was in “hysteria mode”, according to local media.
Local press also reported that the Radio Systems Department at SER’s parent company PRISA issued a circular to staff which reads (translated):
We are immersed in a computer security incident. It is mandatory to comply with the following guidelines:
- Under no circumstances can PRISA computer equipment be used (neither desktops nor laptops)
- Under no circumstances can the Wi-Fi network be accessed.
There is no problem in using Outlook 365 email from your mobile phone and from private computers (desktops or laptops) and connecting to your One Drive, Share Point applications…
Please extend this statement to all your colleagues. We will keep you updated with any news.
The ransomware also hit IT services and consulting company Everis, which is a subsidiary of Japanese telco NTT. It came with a €750,000 ransom demand, according to Spanish site bitcoin.es.
Both companies have reportedly warned staff to switch off computers.
Despite media reports to the contrary, both KPMG and Accenture confirmed they had not been hit with ransomware or cyberattacks. Spanish airline AENA said that it was taking preventative measures but had also not been affected by the ransomware.
Reports varied as to the nature of the malware. An advisory from the Spanish CERT said that it had been delivered via a file attached to an email.
Spain’s INCIBE-CERT said that it was helping affected companies mitigate and recover from the incident.
How to protect yourself from ransomware
- Pick strong passwords. And don’t re-use passwords, ever.
- Make regular backups. They could be your last line of defence against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
- Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
- Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off RDP if you don’t need it, and use rate limiting, 2FA or a VPN if you do.
- Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects. Individuals can protect themselves with Sophos Home.
For more advice, please check out Sophos’s END OF RANSOMWARE page.
Michael Curtis
I’m not sure I would be encouraging users to check their email via O365 if they think the attack came in via email attachment. I have seen users’ home computer antivirus protection and it isn’t always the most robust.