Spanish multinational security firm Prosegur has been hit by Ryuk ransomware, the notorious Trojan virus that encrypts files on a compromised device and typically demands payment in Bitcoin to decrypt them.
As a result of the attack, the company, which reportedly employs 170,000 people across the globe, has shut down its IT network and its employees were reportedly sent home.
The firm, which is credited as being one of the world’s biggest provider of armored vehicles to transport cash, said on Twitter that it had taken “maximum security measures” to avoid propagating the ransomware both internally and externally.
Statement on information security incident pic.twitter.com/5AkBvq1OwY
— Prosegur (@Prosegur) November 27, 2019
Prosegur incident is just over a day old, customers and resellers are taking to Twitter saying alarms aren’t working and resellers saying they’re getting abusive calls from their customers. An entire ecosystem of security and cash handling services are up in the air. pic.twitter.com/dGtfMRr3Y4
— Kevin Beaumont (@GossiTheDog) November 28, 2019
However, Prosegur’s website was up and running at press time.
Ryuk’s reach
This strand of ransomware has been reeking havoc for months.
It’s targeted several US state and local governments, and hospitals. Earlier this month, Hard Fork reported, on how 110 nursing homes in the US had also fallen victim to it.
Although victims are typically advised not to pay the requested ransom, figures from earlier this year suggest that Ryuk had collected more than 705BTC in just five months — approximately worth $3.7 million at the time.
In fact, Ryuk is held responsible for the 90-percent uptick in cryptocurrency ransomware payments.
Get the TNW newsletter
Get the most important tech news in your inbox each week.