Coordinated Ransomware Assaults Affect Multiple Spanish Firms

Everis Suffers Major Ransomware Attack, Halting Operations

On Monday, Everis, a prominent IT consulting firm based in Spain, was struck by a significant ransomware attack, prompting an immediate shutdown of all its computer systems until the situation can be fully resolved. The firm sent out an urgent alert to its employees, stating, “We are suffering a massive virus attack on the Everis network. Please keep the PCs off. The network has been disconnected with clients and between offices. We will keep you updated.” The communication underscored the severity of the incident, advising staff to relay the message through internal channels to mitigate potential confusion.

The ransomware in question is a type of malware that encrypts files on infected systems, effectively locking users out until a ransom is paid. Reports suggest that the attackers demanded a ransom of €750,000 (approximately USD 835,000) in exchange for the decryption key. While the specific family of ransomware utilized has not yet been confirmed, cybersecurity experts point to the likelihood of it being highly targeted, given the nature of the attack. Arnau Estebanell Castellví, a cybersecurity consultant, noted that the malware employed an extension mimicking Everis’s name, indicative of a deliberate assault.
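The behaviour described above, files renamed in bulk to a single new extension tied to the victim's name, is the most visible trace a file-encrypting ransomware leaves. The script below is an added illustration, not code from the article or from any of the firms mentioned: it scans a constructed log of file-rename events and flags any process that renames many files to one unfamiliar extension inside a short window. The event format, the process names, the `.locked_example` extension and the thresholds are all assumptions made for the example.

```python
"""Heuristic detector for ransomware-style bulk renames (added example).

Flags a process that renames at least `threshold` files to one extension that
is not in the allowlist within `window` seconds. This mirrors the symptom the
article describes (encrypted files receiving a new, company-themed extension)
without making any assumptions about the actual malware family involved.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath  # handles Windows-style paths regardless of host OS

# Extensions a normal workstation legitimately produces; renames to these are ignored.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".csv", ".zip"}

# Constructed sample event log: ISO timestamp, process name, old path, new path.
# The timestamps, process names and the '.locked_example' extension are invented
# for this example; paths contain no spaces so a plain split is enough.
SAMPLE_EVENTS = """\
2020-01-06T08:00:01 winword.exe C:\\docs\\report.tmp C:\\docs\\report.docx
2020-01-06T08:02:15 explorer.exe C:\\docs\\old.txt C:\\docs\\notes.txt
2020-01-06T08:05:00 svchost_x.exe C:\\docs\\report.docx C:\\docs\\report.docx.locked_example
2020-01-06T08:05:01 svchost_x.exe C:\\docs\\notes.txt C:\\docs\\notes.txt.locked_example
2020-01-06T08:05:01 svchost_x.exe C:\\docs\\budget.xlsx C:\\docs\\budget.xlsx.locked_example
2020-01-06T08:05:02 svchost_x.exe C:\\finance\\q3.pdf C:\\finance\\q3.pdf.locked_example
2020-01-06T08:05:03 svchost_x.exe C:\\finance\\q4.pdf C:\\finance\\q4.pdf.locked_example
2020-01-06T08:05:04 svchost_x.exe C:\\hr\\staff.csv C:\\hr\\staff.csv.locked_example
2020-01-06T09:30:00 7z.exe C:\\docs\\archive.tmp C:\\docs\\archive.zip
"""


def parse_event(line):
    """Split one event line into (timestamp, process, old_path, new_path)."""
    ts, proc, old, new = line.split()
    return datetime.fromisoformat(ts), proc, old, new


def new_extension(old, new):
    """Return the extension a rename introduced, or None if it did not change."""
    old_ext = ntpath.splitext(old)[1].lower()
    new_ext = ntpath.splitext(new)[1].lower()
    return new_ext if new_ext != old_ext else None


def detect_bulk_renames(lines, window=timedelta(seconds=60), threshold=5):
    """Return [(process, extension, peak_count)] for suspicious rename bursts.

    peak_count is the largest number of renames to that extension by that
    process that fall inside any single `window`-long interval.
    """
    per_key = defaultdict(list)  # (process, new_ext) -> list of timestamps
    for line in lines:
        if not line.strip():
            continue
        ts, proc, old, new = parse_event(line)
        ext = new_extension(old, new)
        if ext is None or ext in KNOWN_EXTENSIONS:
            continue
        per_key[(proc, ext)].append(ts)

    findings = []
    for (proc, ext), stamps in per_key.items():
        stamps.sort()
        best, start = 0, 0
        # Sliding window over the sorted timestamps: advance `start` until the
        # span [start, end] fits inside `window`, then record its size.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append((proc, ext, best))
    return findings


if __name__ == "__main__":
    for proc, ext, count in detect_bulk_renames(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT: {proc} renamed {count} files to '{ext}' within 60s")
```

On the sample data the only hit is `svchost_x.exe`, which renamed six files to `.locked_example` in four seconds, while the ordinary Word, Explorer and 7-Zip renames are ignored. In practice the allowlist and thresholds need tuning per environment, and the real value of such a rule is as an early trigger for host isolation rather than as a standalone verdict.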

An alarming detail arose from a message displayed on the screens of affected employees, which stated, “Hi Everis, your network was hacked and encrypted. No free decryption software is available on the web. Email us at [redacted] or [redacted] to get the ransom amount.” This indicates a calculated approach aimed at instilling fear and urgency.

The incident is not isolated to Everis; other companies in Spain and across Europe have reportedly faced similar ransomware threats concurrently. La Cadena SER, a national radio network, confirmed it had also been targeted, noting severe impacts across its computer systems. This raises concerns about whether these attacks are interconnected or part of a broader campaign.

In terms of tactics, the MITRE ATT&CK framework provides insights into potential adversary techniques that could have been employed during the intrusion. Initial access might have been gained through vulnerability exploitation, such as leveraging the BlueKeep RDP vulnerability, known for its potential exploitation in mass campaigns. Persistence and privilege escalation techniques could also have facilitated this attack, allowing the malware to spread rapidly across networks.

As investigations continue, it remains unclear how the malware infiltrated the organizations and whether they were susceptible due to unpatched vulnerabilities or poor security practices. However, the heightened threat landscape serves as a grave reminder for organizations to prioritize cybersecurity measures. The Spanish Department of Homeland Security has issued recommendations emphasizing the need for updated systems and comprehensive data backups as preventive steps against such threats.

This event underscores the urgent necessity for businesses to remain vigilant in their cybersecurity practices. With ransomware attacks on the rise, understanding the tactics employed by cyber adversaries is crucial for safeguarding sensitive information and maintaining operational integrity.
