Everis, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems until the issue gets resolved completely.
Ransomware is a computer virus that encrypts files on an infected system until a ransom is paid.
According to several local media, Everis informed its employees about the devastating widespread ransomware attack, saying:
“We are suffering a massive virus attack on the Everis network. Please keep the PCs off. The network has been disconnected with clients and between offices. We will keep you updated.”
“Please, urgently transfer the message directly to your teams and colleagues due to standard communication problems.”
According to cybersecurity consultant Arnau Estebanell Castellví, the malware encrypted files on Everis’s computers with an extension name resembling the company’s name, i.e., “.3v3r1s,” which suggests the attack was highly targeted.
At this moment, it’s unknown which specific ransomware family was used to target the company, but the attackers behind the attack reportedly demanded €750,000 (~USD 835,000) in ransom for the decryptor, a company insider informed bitcoin.es site.
However, considering the highly targeted nature of the attack, the founder of VirusTotal in a tweet suggests the type of ransomware could be BitPaymer/IEncrypt, the same malware that was recently found exploiting a zero-day vulnerability in Apple’s iTunes and iCloud software.
Here’s the ransomware message that was displayed on the screens of the infected computers across the company:
Hi Everis, your network was hacked and encrypted.
No free decryption software is available on the web.
Email us at email@example.com or firstname.lastname@example.org to get the ransom amount.
Keep our contacts safe.
Disclosure can lead to the impossibility of decryption.
What’s more? It seems like Everis is not the only company that suffered a ransomware attack this morning.
images from Hacker News