The CyberWire Daily Briefing, 11.5.19

Two major businesses in Spain were hit today by a wave of ransomware attacks, including Spain’s national radio station, Cadena SER, and a major IT consultancy, Everis, which is owned by NTT Data Group. This wave of attacks is reminiscent of the WannaCry outbreak two years ago, but on a smaller scale.

Richard Henderson, Head of Global Threat Intelligence at Lastline commented:

“The wide-scale and rampant number of organizations that appear to have been hit in rapid succession implies one of two things: 1) Either an upstream provider that they all share was used as an initial breach vector, or 2) The organizations have all been using some key tool or product that was exploited to allow an attacker an initial foothold. Ransomware incidents like these are as much a test of how panicked the state and the local media will get as they are a test of how organizations put into place contingency and disaster recovery plans. Can people still go about their lives and their usual day-to-day routines? If so, then all the state and media can do — and should do — is remind the public that this is not a dire situation, and how to work around any disruptions.

I suspect that the seemingly lax response from Spain’s DHS is an attempt to alleviate any concerns about how wide-scale and substantial the attacks are. They’re not wrong in articulating how regularly and frequently these incidents happen. But is it out of the ordinary as far as the scope and range of impact? It certainly appears to be. In their own way, their message of “Don’t Panic!” is a good one. It will get cleaned up, and things will get back to normal in the coming days and weeks.”