In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
The company restricted communications with its customers to avoid malware propagation.
Although there is no official confirmation, BleepingComputer has learned that the attack affects all Prosegur locations in Europe.
According to Derecho de la Red, the malware strain used in the attack is Ryuk, delivered via Emotet. The Spanish website also confirmed that the entire company network was down today and employees were sent home.
For the time being, BleepingComputer could not establish if Ryuk was indeed the ransomware used in the attack against Prosegur but we do see a significant spike in reports with this infection from Spain today.
It is unclear when Prosegur detected the incident, but some reports occurred before 6 a.m. (GMT+1), with some sources saying that the company network became unavailable around four in the morning, local time, and it is still down at the moment of writing.
Some users on Twitter criticized the company for delaying the release of a statement and providing too little information about what happened.
Below is the official statement from the company in English.The same announcement was delivered in Spanish by the company over Twitter.
This incident follows a similar one at the beginning of the month that impacted Everis, one of the largest managed service providers (MSP) in Spain and SER, the country’s largest radio network. The ransomware used in that attack was Bitpaymer.
Update [11/27/2019, 15:25 EST]: In an update on Twitter, Prosegur confirmed that the malware causing the disruption of its services is Ryuk, labeling the incident a “generic attack.”
The company says that it took maximum security measures to stop the malware from spreading internally and to the networks of its clients.
As a precaution, the company continues to restrict communications until it makes certain that its systems are clean and is currently working to restore affected services at the fastest rate possible.