Security Giant Prosegur Struck by Ransomware

Written by

Private security giant Prosegur has become the latest multi-national to suffer operational problems after being struck by ransomware.

The Spanish firm — which produces building alarms, and offers physical security services including cash transit vans — has over 60,000 employees around the globe and declared profits of €118m ($130m) for the first nine months of 2019.

However, it posted a statement to its Twitter account on Wednesday claiming the company had been struck by the Ryuk variant. Prosegur added that it had “enabled maximum security measures” to prevent the spread of the malware, including the “restriction of all communications.”

Security researchers monitoring the incident claimed in a series of tweets that the impact was severe, with the firm's websites taken offline in various regions.

“Prosegur appear to be in a hell of a mess, I’ve been monitoring social media posts and staff outside Spain in multiple offices report Ryuk ransomware on systems and outage of all services, so I’m guessing they have a common AD domain,” said UK-based Kevin Beaumont.

“Prosegur incident is just over a day old, customers and resellers are taking to Twitter saying alarms aren’t working and resellers saying they’re getting abusive calls from their customers. An entire ecosystem of security and cash handling services are up in the air.”

A statement from the firm on Thursday appeared to suggest it was on top of things.

“The ransomware, Ryuk, has been fully contained and the company has already deployed all the necessary mitigatory controls. Likewise, Prosegur has already begun the process of restoring its services,” it said.

“In addition to restricting its communications, the company initiated an investigation to determine the typology of the incident, its behavior, evaluation of the scope and definition of containment and recovery procedures, all of them included in the response plan for incidents of information security.”

The firm said it is also in contact with the “competent authorities” and is providing relevant technical information to “other actors” — stressing the need for collaboration to fight an ever evolving cyber-threat.

What’s hot on Infosecurity Magazine?