Spain’s Cadena SER radio found itself a victim of a ransomware attack that affected local broadcasts but spared national output, according to the National Security Department in Spain.
The cyberattack was one of many aimed at Spanish companies, including Everis, an internet services firm owned by NTT, and prompted others like Aena and KPMG Spain to assure the public on Twitter that they had not been victims of the attacks. Everis sent employees home while it worked to result the incident, according to a Euro News report.
The NSD seemed to downplay the attacks, noting that ransomware incidents occurred frequently.
“I suspect that the seemingly lax response from Spain's DHS is an attempt to alleviate any concerns about how wide-scale and substantial the attacks are,” said Richard Henderson, head of global threat intelligence at Lastline. “They're not wrong in articulating how regularly and frequently these incidents happen. But is it out of the ordinary as far as the scope and range of impact? It certainly appears to be.”
Henderson said that the Spanish government’s “message of ‘Don't Panic!’ is a good one,” noting that “it will get cleaned up, and things will get back to normal in the coming days and weeks.”
Noting "the wide-scale and rampant number of organizations that appear to have been hit in rapid succession," Henderson said, it "implies one of two things: 1) Either an upstream provider that they all share was used as an initial breach vector, or 2) the organizations have all been using some key tool or product that was exploited to allow an attacker an initial foothold.”
The hackers' goals were troublesome to some. “It is particularly alarming to eye attackers successfully targeting IT consultancy firms. Those who are supposed to protect us from ransomware and prevent it fall victims to it, emphasizing catastrophic unpreparedness even amid technology consultants,” said Ilia Kolochenko, founder and CEO of ImmuniWeb.
“We may expect a further spike of targeted attacks against IT consultants that frequently disregard the fundamentals of cybersecurity to cut their internal costs on a highly-competitive and turbulent market,” he said. “Worse, those companies commonly have privileged access to a myriad of their customers’ networks without any control or due monitoring. Therefore, cybercriminals will soon start aggrandizing their attack scope to infect all their customers first and them disarm and paralyze the IT consultancies.”
Ultimately, though, “ransomware incidents like these are as much a test of how panicked the state and the local media will get as they are a test of how organizations put into place contingency and disaster recovery plans," said Henderson. "Can people still go about their lives and their usual day-to-day routines? If so, then all the state and media can do — and should do — is remind the public that this is not a dire situation, and how to work around any disruptions.”