The international physical security group was the victim of a Ryuk ransomware malware.
Although he claims to have been able to contain the attack and begin the programme of restoring his infected services, his clientele is starting to growl more and more impatient.
This article will also interest you: Windows and ransonware: Harder to fight ransomware
The statement was made precisely on November 27, in which the company Security Prosegur reports of a computer attack that "its telecommunications platforms." She indicated by "immediately activate its security protocols, including in the restricting communications with customers to prevent spread ». From any diligence, the company also ensured that it was able to identify clearly the culprit of the attack computer science. It is a program called Ryuk, a software type ransomware.
For those who remember, this computer program (Ryuk ransomware) to the peculiarity of not spreading any alone. Indeed, another malware such as Emotet or Trickbot is often used to convey the latter. Clearly, this should be taken as bad news for physical security company. Indeed, once the attackers managed to penetrate the system and to immobilize it, they also have time to explore it in depth peak. which usually ends in corruption of the very heart of IT infrastructure in our case here: the directory. It's just that this action carried out that the virus is deployed
Adam Meyers, vice president of CrowdStrike in charge of the intelligence service threats, "attacks involving Ryuk are part of what specialists call big game hunting "where cyber groups criminals such as "Grim Spider" target large corporations in the context of generate higher and higher payments. Thus: "In such cases, the ransomware is deployed throughout the organization to maximize income." The perpetrators of the Ryuk ransomware are suspected of acting since the Russia.
For his part, Emotet gradually woke up to August, after a brief break during the summer. Recently, the cybersecurity company, Check Point awarded it first place on the podium threats during the month of October, after it had been for some time time to fifth place. From the beginning of November, it was the turn Proofpoint to report a rather remarkable return on the part of the malware with "regular high-volume campaigns (…) at during the last two weeks of September, these attacks amounted to more than 11% of all malicious payloads."
In addition, on November 28, Prosegur confidently asserted have managed to contain it fully and have "already deployed all remediation controls necessary."
Referring to his press release, the process of restoring the services affected by the attack was initiated. And we feel more and more the urgency is more and more noticeable.
Now access an unlimited number of passwords: