Ransomware incident at security company Prosegur

[German]The security service provider Prosegur suffers from a successful cyber attack with ransomware infection of its enterprise networks. All European sites are affected.


Prosegur is a security service provider based in Madrid, represented on 5 continents in 24 countries. The company has 170,000 employees and is also active in the field of cash transport through its subsidiaries. However, there is also a business branch (Cipher) that deals with cyber security.   

(Source: Pexels Markus Spiske CC0 License)

Today (27.11.2019) the company reports that there has been a 'security incident'. As a result of this security incident, Prosegur had to shut down at least parts of its internal network. Currently I only have the information from the following tweet.

As of publishing the German edition of this article (4 p.m. CET), there is currently no information available about the incident on the German website. And I couldn't find out any more details during the search. The Spanish message on Twitter is available here. The article here mentions an infection with Ryugu ransomware of the enterprise network. Also Kevin Beaumont gives a hint to Ransomware infestation in this tweet.


Addendum: After a few hours after the German article was written, Bleeping Computer now reports that it is probably the Ryuk-Ransomware that has infected Prosegur's European network. The source is probably this tweet of the company:

The infection occurred in the early morning hours by the Trojan Emotet. The company then activated the emergency procedures for such incidents (see tweet below) and shut down the internal corporate network.

The employees were sent home because they can't work. The IT department is in the process of cleaning the systems of the ransomware and preparing them for normal operation: How long this takes is currently unknown.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *