Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

2 Ransomware Attacks Reported in Spain

Radio Network, Consultancy Are Targeted
2 Ransomware Attacks Reported in Spain

In two separate incidents on Monday, ransomware crippled the systems of a radio network and a major consulting firm in Spain, news portal reports.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Radio network ACadena SER and consultancy Everis, which offers outsourcing, were attacked during the early hours on Monday, acccording to In both cases, employees were unable to access their files.

In a notice to its employees, Everis acknowledges it suffered a ransomware attack. It directed its employees to turn off their computers and took down its internal networks to contain the infection.

Cadena SER gave out similar instructions and said its security team is working to recover its files.

"The SER chain has suffered this morning an attack of a computer virus of the ransomware type, file encrypter, which has had a serious and widespread affectation of all its computer systems," Cadena SER said in an update on Monday. "Following the protocol established in cyberattacks, SER has seen the need to disconnect all its operating computer systems."

It’s not yet clear if the same actor is behind both attacks. reports that sources say the attacker demanded $836,000 ransom from Everis for decrypting the files.

Spain's Department of Homeland Security and Instituto Nacional de Ciberseguridad, which focuses on the country's cybersecurity, have issued ransomware warnings.

"We’re continuing to see geopolitical tension evolve in cyberspace, and these latest cyberattacks on Spain are a digital manifestation of the Catalonian independence movement," Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, tells Information Security Media Group.

BitPaymer Involved?

Following the attack, a ransom note sent to Everis was widely shared on Twitter. BleepingComputer reports that the ransom strain involved apparently was BitPaymer.

According to security researchers at Symantec, who did the first in-depth study of the BitPaymer in July, the Trojan encrypts files on a victim's computer before demanding a ransom.

In October, Billtrust, a cloud-based, business-to-business payment provider was hit by ransomware suspected as being BitPaymer (see: Report: Billtrust Recovering From Ransomware Attack ).

In another instance during the same month, the German-based automation tool manufacturer Pilz suffered a ransomware attack that ZDNet reported also involved BitPaymer.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.