Radio Networks have restricted the use of computer equipment to prevent further spread. Experts believe that it may be a new massive attack of the ransomware Ryuk.
On Monday, November 4th, there was a massive ransomware attack in Spain, which affected radio networks and consulting companies. After hackers blocked access to computer systems and kidnapped files, they requested a ransom in Bitcoin for access to such information.
Prisa Radio executives confirmed in the morning that their systems were infected, stating that the network was severely and widely affected by the ransomware. The attack affected SER and Dial, two of the most popular radio stations in Spain, which have an audience of more than four million listeners.
SER executives notified that they have disconnected their computer equipment until further notice to prevent further spread of the binary scourge. In addition, the programming of the radio network has had to be modified at a local and regional level, thus only guaranteeing coverage in the city of Madrid.
The technology consultant Everis also suspended work activities because all the files in its network are at risk. It is possible to find on Twitter images of the message left by the malicious software on the company’s computers, demanding ransom in Bitcoin for releasing the files.
It also seems that hackers have targeted the Accenture’s subsidiary in Spain. The consulting company was not affected by the ransomware, but some employees complained that they had problems trying to get access to their work equipment.
Ryuk Is to Blame
The National Cybersecurity Institute of Spain (INCIBE) stated that there is no specific figure for the total number of companies that have been affected. However, they say that they are analyzing the situation and giving advice to all infected companies. Cybersecurity experts recommend keeping equipment disconnected to prevent further spread. They also advise that entrepreneurs consult with specialists about the possibility of recovering their files before paying hackers.
Sergio De los Santos, a cybersecurity specialist, notes that the Russian-born ransomware Ryuk might be responsible for these infections. The malicious software has already managed to encrypt the database of other Spanish companies and organizations in the past, such as the Jerez City Council, Bilbao and the Hazi Foundation.
The expert considers that this virus could spread due to a failure in Windows and Microsoft servers, which was reported in the month of May. The problem required that companies update the software of their computers and systems to avoid any malicious attack. De los Santos told national Spanish media that this is a direct, simple and inexpensive way of contagion.
Ransomware viruses are known for their working methodology, since they manage to enter vulnerable computers and encrypt all the information stored on their hard drives. After this raid, the criminals claim to have a single system to decrypt the computer files without damaging them, which they offer in exchange for a payment in Bitcoin. In some cases, such as Petya ransomware, file recovery is impossible, for which it is not recommended to make payments for the supposed software solution. There are also experts or free products on the market that can help decrypt files of certain types of ransomware.
By Willmen Blanco
