In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
The company restricted communications with its customers to avoid malware propagation.
Although there is no official confirmation, BleepingComputer has learned that the attack affects all Prosegur locations in Europe.
According to Derecho de la Red, the malware strain used in the attack is Ryuk, delivered via Emotet. The Spanish website also confirmed that the entire company network was down today and employees were sent home.
For the time being, BleepingComputer could not establish if Ryuk was indeed the ransomware used in the attack against Prosegur but we do see a significant spike in reports with this infection from Spain today.
It is unclear when Prosegur detected the incident, but some reports occurred before 6 a.m. (GMT+1), with some sources saying that the company network became unavailable around four in the morning, local time, and it is still down at the moment of writing.
Some users on Twitter criticized the company for delaying the release of a statement and providing too little information about what happened.
Below is the official statement from the company in English.The same announcement was delivered in Spanish by the company over Twitter.
This incident follows a similar one at the beginning of the month that impacted Everis, one of the largest managed service providers (MSP) in Spain and SER, the country’s largest radio network. The ransomware used in that attack was Bitpaymer.
This is a developing story; we will update the article with new details as they become available.