The security service provider Prosegur has suffered a successful cyber attack, with a ransomware infection of its enterprise networks. All European sites are affected.
Prosegur is a security service provider based in Madrid, represented on 5 continents in 24 countries. The company has 170,000 employees and is also active in the field of cash transport through its subsidiaries. However, there is also a business branch (Cipher) that deals with cyber security.
Today (27.11.2019) the company reports that there has been a 'security incident'. As a result of this security incident, Prosegur had to shut down at least parts of its internal network. Currently I only have the information from the following tweet.
Prosegur, a worldwide security company with ~170,000 staff members, has had a security incident of some kind and has shut down at least part of their network. https://t.co/CRmAbz19tJ
— Kevin Beaumont (@GossiTheDog) November 27, 2019
As of publishing the German edition of this article (4 p.m. CET), there is no information available about the incident on the German website, and I couldn't find any more details when searching. The Spanish message on Twitter is available here. The article here mentions an infection of the enterprise network with Ryugu ransomware. Kevin Beaumont also hints at a ransomware infection in this tweet.
Addendum: A few hours after the German article was written, Bleeping Computer reported that it is probably the Ryuk ransomware that has infected Prosegur's European network. The source is probably this tweet from the company:
Update on incident of information security pic.twitter.com/yj3xocz62o
— Prosegur (@Prosegur) November 27, 2019
The infection occurred in the early morning hours via the Emotet Trojan. The company then activated its emergency procedures for such incidents (see tweet below) and shut down the internal corporate network.
Statement on information security incident pic.twitter.com/5AkBvq1OwY
— Prosegur (@Prosegur) November 27, 2019
The employees were sent home because they can't work. The IT department is in the process of cleaning the ransomware from the systems and preparing them for normal operation. How long this will take is currently unknown.