Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network (Nov 27, 2019)
The multinational security company Prosegur, based in Spain, has announced that a cyberattack disrupted its telecommunications platform. The malware used in the attack is “Ryuk”, a ransomware that specifically targets enterprises, downloaded via Emotet. To prevent further spread of the ransomware, Prosegur restricted communications with its customers and is continuing to do so until it can ascertain that its systems are clean of the infection. Prosegur has stated that once investigations have been completed, affected systems will be brought to full functionality.
Recommendation: Always run antivirus and endpoint protection software to assist in preventing ransomware infection. Maintain secure backups of all your important files to avoid the need to consider payment for the decryption key, and implement a business continuity plan in the unfortunate case of ransomware infection. Emails received from unknown sources should be treated with caution, and their attachments and links should not be opened or followed. Your company should maintain policies to consistently check for new system security patches. In the case of ransomware infections like Ryuk, the affected systems should be wiped and reformatted, even if the ransom is paid. Other machines on the same network should be scanned for other potential infections.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.