Ransomware Attacks In Spain Leave Radio Station In "Hysteria" (Nov 6, 2019)
Two large Spanish companies have been infected with ransomware: Everis, an IT consultancy firm, and Cadena SER, Spain’s largest radio network. Everis, a company with more than 24,500 employees located in over 18 countries, was hit with a version of the BitPaymer ransomware. As of this writing, it is not known what ransomware infected Cadena SER. Due to the previous WannaCry attacks in Spain, the Department of National Security quickly issued an advisory recommending security measures to companies. Despite rumors, there is currently no evidence that other IT companies were infected.
Recommendation: Always run antivirus and endpoint protection software to assist in preventing ransomware infection. Maintain secure backups of all your important files to avoid the need to consider payment for the decryption key, and implement a business continuity plan in the unfortunate case of ransomware infection. Emails from unknown sources should be avoided, and their attachments and links should not be opened or followed. Your company should maintain policies to consistently check for new system security patches. In the case of ransomware infection, the affected systems should be wiped and reformatted, even if the ransom is paid. Other machines on the same network should be scanned for potential infections.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.