Customers complain after alarms go offline, as security firm hit by ransomware attack

Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection.

The first reports that the company – which employs 170,000 staff worldwide, and operates a fleet of 10,000 armoured security vehicles transporting cash between banks, ATMs, and retailers – had suffered a serious security breach emerged in the early hours of Wednesday 27 November.

By the afternoon the company had reportedly sent employees home, and confirmed via its Twitter account that the disruption had been caused by the Ryuk ransomware, and that it had taken its network offline as a “preventative measure” while it worked on restoring affected systems.

For a while visitors to the Prosegur website were greeted by an upbeat message explaining that its online presence would be restored soon.

The Ryuk ransomware was blamed for almost single-handedly increasing cryptocurrency payments made to cybercriminals by almost 90% in the first quarter of 2019.

Although Prosegur has not released any technical details of how it came to be infected by the Ryuk ransomware, it is not unusual for attacks to be launched against targeted organisations via malicious emails.

Recent victims of the Ryuk ransomware have included three hospitals in Alabama, which were forced to turn away non-critical patients and ambulances.

Earlier this month, security reporter Brian Krebs revealed that 110 nursing homes in the United States were unable to access health records due to a Ryuk ransomware attack.

To its credit, Prosegur used its social media presence to keep customers updated about the security incident, and its progress in recovering from the attack.

Security researcher Kevin Beaumont noted, however, that Prosegur’s customers were less than happy that the system outage had impacted their own alarm systems which were failing to connect with Prosegur’s monitoring systems.

Prosegur’s website is now back online. Lets hope that Prosegur is able to fully recover the rest of its systems safely and securely, and share more technical information with the community about what occurred so others might be better defended in future.