Rewterz Threat Alert – Ransomware Attacks Targeting Spain

Wednesday, November 6, 2019



Analysis Summary

A ransomware campaign that is affecting several organizations in Spain. First reported on November 4, 2019, an unattributed threat actor conducted a ransomware attack on at least two confirmed Spanish networks, Everis, an IT consulting firm, and SER, Spain’s largest radio network. Open source reporting indicated that the attacker demanded approximately $835,000 USD in ransom for the decryptor. Preliminary, early reporting suggests that the ransomware in question may be Ryuk, BitPaymer or the BitPaymer variant Dopplepaymer, which is delivered via email to the victim and exploits an RDP-based vulnerability.


File encryption

Indicators of Compromise




  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 10, January 2020 Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon
  • 10, January 2020 Rewterz Threat Alert – Bank of America Phishing Campaign
  • 10, January 2020 Rewterz Threat Alert – LiquorBot Botnet
  • 10, January 2020 Rewterz Threat Advisory – CVE-2019-16005 – Cisco Webex Video Mesh Node Command Injection Vulnerability

Copyright © Rewterz. All rights reserved.