Prosegur, the private security giant, has become the most recent multi-national to face operational issues after being attacked by ransomware. The company has over 60,000 employees worldwide and declared profits of €118 million in the first three quarters of 2019.
However, in a recent statement on the company’s Twitter account, Prosegur claimed that they have fallen victim to the Ryuk variant. They added that it had “enabled maximum security measures” to ensure the malware, including the “restriction of all communications” would not spread.
Security researchers who were responsible for monitoring the incident discussed the matter in a series of tweets. They explained that the impact of the attack was severe and that the company website was taken offline in various regions.
“Prosegur appear to be in a hell of a mess, I’ve been monitoring social media posts and staff outside Spain in multiple offices report Ryuk ransomware on systems and outage of all services, so I’m guessing they have a common AD domain,” said UK-based Kevin Beaumont.
“Prosegur incident is just over a day old, customers and resellers are taking to Twitter saying alarms aren’t working and resellers saying they’re getting abusive calls from their customers. An entire ecosystem of security and cash handling services are up in the air.”
A follow-up statement from the firm the following day appeared to suggest that the situation has been handled appropriately.
“The ransomware, Ryuk, has been fully contained and the company has already deployed all the necessary mitigatory controls. Likewise, Prosegur has already begun the process of restoring its services,” it said.
“In addition to restricting its communications, the company initiated an investigation to determine the typology of the incident, its behaviour, evaluation of the scope and definition of containment and recovery procedures, all of them included in the response plan for incidents of information security.”
The firm went on to say that it is in contact with the “competent authorities” and is providing relevant technical information to “other actors,” while emphasising the need for collaboration to fight a cyber-threat that continues to evolve.
Whitehall Media’s prestigious biannual 12th ESRM conference is set to discuss how enterprises are increasing awareness from the board down, adopting effective incidence response planning, adding threat analytics to their security response and investigating security events with robust incident forensics.