Systems at Spain’s largest managed service providers (MSP) Everis have been infected by a ransomware, and it was not alone because the also Spain’s largest radio station Cadena SER (Sociedad Española Radiodifusión) was a victim of a similar attack.
BleepingComputer, that first reported the news, revealed that systems at Everis were infected with the BitPaymer ransomware.
“After the attack began, Everis sent an internal notification saying that they “are suffering a massive virus attack on the Everis network. Please keep the PCs off.”” reported BleepingComputer.
“The network has been disconnected with clients and between offices. We will keep you updated. Please, send urgently the message directly to your teams and colleagues due to standard communication problems,” Everis added.
Files on the Everis systems were encrypted and the variant of BitPaymer ransomware involved in the attack added the .3v3r1s extension to their filenames, a circumstance that suggests it was a targeted attack.
The ransom note dropped on the infected systems warns the company against disclosing the attack, it doesn’t include the ransom amount, instead, it urges the company to contact the operators at the email addressed firstname.lastname@example.org and email@example.com.
According to the website
An anticipated, Cadena SER, the largest radio station network in Spain, was also infected with an unknown piece of ransomware. In response to the incident, the SER has disconnected all its computer systems from the network.
“The SER chain
“The technicians are already working for the progressive recovery of the local programming of each of their stations.”
The news of the ransomware attack against the SER chain was also reported by Spain’s Department of Homeland Security (Departamento de Seguridad Nacional).
It is interesting to notice, that BleepingComputer speculates a possible involvement of the BlueKeep vulnerability in the attacks.