Rewterz Threat Alert – Ransomware Attacks Targeting Spain

Wednesday, November 6, 2019

Severity

Medium

Analysis Summary

A ransomware campaign that is affecting several organizations in Spain. First reported on November 4, 2019, an unattributed threat actor conducted a ransomware attack on at least two confirmed Spanish networks, Everis, an IT consulting firm, and SER, Spain’s largest radio network. Open source reporting indicated that the attacker demanded approximately $835,000 USD in ransom for the decryptor. Preliminary, early reporting suggests that the ransomware in question may be Ryuk, BitPaymer or the BitPaymer variant Dopplepaymer, which is delivered via email to the victim and exploits an RDP-based vulnerability.

Impact

File encryption

Indicators of Compromise

SH256

bd327754f879ff15b48fc86c741c4f546b9bbae5c1a5ac4c095df05df696ec4f

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 10, January 2020 Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon
  • 10, January 2020 Rewterz Threat Alert – Bank of America Phishing Campaign
  • 10, January 2020 Rewterz Threat Alert – LiquorBot Botnet
  • 10, January 2020 Rewterz Threat Advisory – CVE-2019-16005 – Cisco Webex Video Mesh Node Command Injection Vulnerability

Copyright © Rewterz. All rights reserved.