Cash-moving giant Prosegur knocked offline by Ryuk ransomware

Credit: ID 92681584 © Evgeny Vlasov | Dreamstime.com

Spanish multinational security and cash management firm Prosegur said Wednesday it had been hit by a cyberattack involving the notorious Ryuk ransomware. 

Prosegur’s website was offline for much of Wednesday afternoon but confirmed via a Twitter post that it had experienced a “security information incident in its telecommunications platforms”.  

The company later said its computer network was infected by Ryuk ransomware, and suggested that it had shut down its entire network until it had addressed the situation. Ryuk ransomware is bad news. It's been used in dozens of high-value dollar ransom demands against US local government organizations for the past year. 

Attackers also used Ryuk to encrypt computers at Victoria’s Gippsland Health Alliance and the South West Alliance of Rural Health in October. And this week Ryuk ransomware locked up computers at 110 nursing homes in the US as part of a massive $14 million ransom bid, Krebsonsecurity reported.  

Prosegur is one of the world’s main providers of armored vehicles for transporting cash between banks and automatic teller machines (ATMs), retailers, and restaurants.

The Spanish security firm launched Prosegur Australia in 2013 after acquiring Chubb Security and earlier this month the firm acquired all of Westpac’s non-branch automatic teller machines. Prosegur has operations across Europe, North America, Latin America and Asia.

Telegram posts from Prosegur customers shared by UK security researcher Kevin Beaumont stated that Prosegur’s global network was down following the incident.     

At 6pm GMT Prosegur confirmed in a tweet it had been impacted by the Ryuk ransomware, some 12 hours after the first reports emerged of it being impacted by a ransomware attack. 

“Prosegur reports that the incident detected today corresponds to a generic attack, caused by the RYUK ransomware. The company has enabled maximum security measures to prevent the spread both internally and externally of the virus,” it said,   

Prosegur’s website and contact details were unavailable at the time of publishing. CSO Online has reached out to Prosegur for a response.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ransomwareRyuk

More about AustraliaCSOGippslandSouth West Alliance of Rural HealthTwitterWestWestpac

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts