Telefonica (owners of O2) and other Spanish companies have fallen victim to a large-scale ransomware attack. Details are still emerging about the widespread and potentially crippling attack, in which certain employees have been asked to pull the plug on their computers so their machines aren't affected.
The companies affected by the attack include: Telefonica, Spain’s biggest telecommunications firm, power company Iberdrola and utility Gas Natural.
In a statement, Spain's National Cryptology Centre said: "There has been an alert relating to a massive ransomware attack on various organisations, which is affecting their Windows systems. The ransomware is a version of the WannaCry virus, which encrypts sensitive user data."
Spanish media are reporting that Telefonica employees were faced with messages on their computer screens asking for ransom in Bitcoin, the cryptocurrency of choice for malicious actors.
The ransomware attack targeted the Windows operating system on Telefonica's systems and proceeded to encrypt all its archives and In the case of a cryptovirus like WannaCry, the damage is inflicted by encrypting the personal files stored on the computer.
Unknown hackers have launched a “massive ransomware attack” on Telefónica and other Spanish companies and organisations. According to Spain’s national cryptology centre, a branch of the CNI intelligence service, the attack took aim at the Windows operating system by “encrypting all its archives and all the connected units inside the network, and infecting the rest of the Windows systems inside the network”.
It said the malware used in the attack was a version of the WannaCry virus.
Reuters are reporting that Iberdrola and Gas Natural, along with Vodafone's unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.
Commenting on the breach, Fraser Kyne, EMEA CTO, Bromium said: “This is a classic example of the kind of damage ransomware can do to a business. The fear of further infection has caused Telefonica to effectively create a quarantine zone and shut down its operations until further notice. While these measures do illustrate that the company is taking the threat seriously and is making efforts to stop the contagion from spreading, the response is far from ideal and could end up costing Telefonica a lot in lost productivity.
“At the heart of this problem lies yet another failing of the detect to protect approach to cybersecurity that we see so many organisations continue to rely on. Given that the vast majority of malware is only seen once before it morphs into something else, detection-based security will always be fundamentally flawed. Time and again, we will continue to see stories like this emerge, where the threat isn’t detected until it is too late.
“What is really needed if we are to avert situations like this arising is a new approach to security that provides a safety net for companies to fall back on in the event that malware does get through. By isolating each user-task within its own, fully disposable micro-virtualised environment, businesses can grant users the freedom to open any email attachment, click on any link, or visit any website, safe in the knowledge that their endpoint and the wider network are safe from infection. If the user does stumble upon a malicious file, the threat is fully contained and they can simply close the task window to make the problem disappear.”
The recently released Verizon Data Breach Investigations Report (DBIR) 2017 found that ransomware was one of the top choices for cyber criminals, with a 50% rise in ransomware compared to last year’s DBIR. While ransomware was the 22nd most common variety of malware in 2014, it rose to the fifth most common in 2016.