{"id":12087,"date":"2019-11-28T00:04:00","date_gmt":"2019-11-27T22:04:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12087"},"modified":"2024-10-03T00:45:39","modified_gmt":"2024-10-02T22:45:39","slug":"sicherheitsvorfall-bei-prosegur","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/11\/28\/sicherheitsvorfall-bei-prosegur\/","title":{"rendered":"Ransomware incident at security company Prosegur"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/11\/27\/sicherheitsvorfall-bei-prosegur\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] The security service provider Prosegur has suffered a successful cyber attack, with a ransomware infection of its enterprise networks. All European sites are affected. <\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Prosegur\" target=\"_blank\" rel=\"noopener noreferrer\">Prosegur<\/a> is a security service provider based in Madrid, with a presence in 24 countries on 5 continents. The company has 170,000 employees and is also active in the field of cash transport through its <a href=\"https:\/\/web.archive.org\/web\/20190530144855\/https:\/\/auftrag.securlog.de\/webFlowOnlinePortal\/spring\/login\" target=\"_blank\" rel=\"noopener noreferrer\">subsidiaries<\/a>. 
However, there is also a business branch (Cipher) that deals with cyber security. <\/p>\n<p><img decoding=\"async\" title=\"KRITIS-Netzwerk\" alt=\"KRITIS-Netzwerk\" src=\"https:\/\/i.imgur.com\/yNk8TvY.jpg\"><br \/>(Source: Pexels <a href=\"https:\/\/www.pexels.com\/de\/u\/markusspiske\/\">Markus Spiske<\/a> CC0 License)  <\/p>\n<p>Today (27.11.2019) the company reports that there has been a 'security incident'. As a result of this security incident, Prosegur had to shut down at least parts of its internal network. Currently, I only have the information from the following tweet. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Prosegur, a worldwide security company with ~170,000 staff members, has had a security incident of some kind and has shut down at least part of their network. <a href=\"https:\/\/t.co\/CRmAbz19tJ\">https:\/\/t.co\/CRmAbz19tJ<\/a><\/p>\n<p>\u2014 Kevin Beaumont (@GossiTheDog) <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1199668413716746240?ref_src=twsrc%5Etfw\">November 27, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>At the time the German edition of this article was published (4 p.m. CET), no information about the incident was available on the German website, and I couldn't find any more details in my search. The Spanish message on Twitter is available <a href=\"https:\/\/twitter.com\/Prosegur\/status\/1199649892077121541\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. The <a href=\"https:\/\/derechodelared.com\/prosegur-afectada-por-un-ciberataque\/\" target=\"_blank\" rel=\"noopener noreferrer\">article here<\/a> mentions an infection of the enterprise network with Ryugu ransomware. 
Kevin Beaumont also hints at a ransomware infection in <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1199681319980195842?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1199681319980195842&amp;ref_url=https%3A%2F%2Fpublish.twitter.com%2F%3Fquery%3Dhttps%253A%252F%252Ftwitter.com%252FGossiTheDog%252Fstatus%252F1199681319980195842%26widget%3DTweet\" target=\"_blank\" rel=\"noopener noreferrer\">this tweet<\/a>.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/web.archive.org\/web\/20240103231702\/https:\/\/pbs.twimg.com\/media\/EKYfq-0WkAA45A2?format=jpg&amp;name=medium\"><\/p>\n<p>Addendum: A few hours after the German article was written, Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network\/\" target=\"_blank\" rel=\"noopener noreferrer\">now reports<\/a> that it is probably the Ryuk ransomware that has infected Prosegur's European network. The source is probably this tweet from the company:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Update on incident of information security <a href=\"https:\/\/t.co\/yj3xocz62o\">pic.twitter.com\/yj3xocz62o<\/a><\/p>\n<p>\u2014 Prosegur (@Prosegur) <a href=\"https:\/\/twitter.com\/Prosegur\/status\/1199732264386596864?ref_src=twsrc%5Etfw\">November 27, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The infection by the Trojan Emotet occurred in the early morning hours. The company then activated the emergency procedures for such incidents (see tweet below) and shut down the internal corporate network. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Statement on information security incident <a href=\"https:\/\/t.co\/5AkBvq1OwY\">pic.twitter.com\/5AkBvq1OwY<\/a><\/p>\n<p>\u2014 Prosegur (@Prosegur) <a href=\"https:\/\/twitter.com\/Prosegur\/status\/1199652211229437952?ref_src=twsrc%5Etfw\">November 27, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The employees were sent home because they couldn't work. The IT department is in the process of cleaning the ransomware from the systems and preparing them for normal operation. How long this will take is currently unknown.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] The security service provider Prosegur has suffered a successful cyber attack, with a ransomware infection of its enterprise networks. All European sites are affected.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[2193],"class_list":["post-12087","post","type-post","status-publish","format-standard","hentry","category-security","tag-secutiry"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12087"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12087\/revisions"}],"predecessor-version":[{"id":35412,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12087\/revisions\/35412"}],"wp:attachment":[{"href":"https:\/\/bornci
ty.com\/win\/wp-json\/wp\/v2\/media?parent=12087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}