Rewterz Threat Alert – Ransomware Attacks Targeting Spain

Wednesday, November 6, 2019

Severity

Medium

Analysis Summary

A ransomware campaign that is affecting several organizations in Spain. First reported on November 4, 2019, an unattributed threat actor conducted a ransomware attack on at least two confirmed Spanish networks, Everis, an IT consulting firm, and SER, Spain’s largest radio network. Open source reporting indicated that the attacker demanded approximately $835,000 USD in ransom for the decryptor. Preliminary, early reporting suggests that the ransomware in question may be Ryuk, BitPaymer or the BitPaymer variant Dopplepaymer, which is delivered via email to the victim and exploits an RDP-based vulnerability.

Impact

File encryption

Indicators of Compromise

SH256

bd327754f879ff15b48fc86c741c4f546b9bbae5c1a5ac4c095df05df696ec4f

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 12, November 2019 Rewterz Threat Alert – Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit
  • 12, November 2019 Rewterz Threat Alert – Scammers Abusing a New Firefox Browser Lock Bug
  • 11, November 2019 Rewterz Threat Alert – Variant of Adwind RAT Targets Petroleum Sector
  • 11, November 2019 Rewterz Threat Alert – Titanium Malware: the Platinum group strikes again

Copyright © Rewterz. All rights reserved.