Rewterz Threat Alert – Ransomware Attacks Targeting Spain

Wednesday, November 6, 2019



Analysis Summary

A ransomware campaign that is affecting several organizations in Spain. First reported on November 4, 2019, an unattributed threat actor conducted a ransomware attack on at least two confirmed Spanish networks, Everis, an IT consulting firm, and SER, Spain’s largest radio network. Open source reporting indicated that the attacker demanded approximately $835,000 USD in ransom for the decryptor. Preliminary, early reporting suggests that the ransomware in question may be Ryuk, BitPaymer or the BitPaymer variant Dopplepaymer, which is delivered via email to the victim and exploits an RDP-based vulnerability.


File encryption

Indicators of Compromise




  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 12, November 2019 Rewterz Threat Alert – Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit
  • 12, November 2019 Rewterz Threat Alert – Scammers Abusing a New Firefox Browser Lock Bug
  • 11, November 2019 Rewterz Threat Alert – Variant of Adwind RAT Targets Petroleum Sector
  • 11, November 2019 Rewterz Threat Alert – Titanium Malware: the Platinum group strikes again

Copyright © Rewterz. All rights reserved.