Last Monday, two Spanish companies, among others the SER and Everis technology firm, were victims of a ransomware attack that demanded ransom in Bitcoins, which aroused fear in the Iberian Peninsula and captured worldwide attention, due many remembered what happened with WannaCry in 2017. At that time, Spain was one of the first countries infected by ransomware and many feared that history was repeating itself.
In the case of Everis, the infection spread in several of its branches using the company’s internal network. Affected companies were forced to close their networks as a precaution.
A similar measure was taken by the radio station Sociedad Española de Radiodifusión SER, the largest in Spain. In the case of this entity, it was still unclear what type of ransomware was used for the attack and if it is directly linked to the Everis attack.
SER released a statement stating that «it has been necessary to disconnect all its operating computer systems.» Notwithstanding the foregoing,
At the governmental level, the Department of National Security (DNS) of Spain, published a statement confirming what happened and the actions taken by the SER chain. For its part, the National Institute of Cybersecurity (Incibe) assured the newspaper El Confidencial of that country, that they are analyzing the situation and advising the affected companies.
During the first hours the rumor circulated from other affected companies, such as KPMG and Accenture, however, both entities came out to deny the information.
Other companies, including Spanish airport operator Aena, eliminated some of their services as a precaution. They did it in part because Everis has staff in many Spanish entities. The attack may have affected other companies, although no other has publicly recognized the ransomware.