Security firm Prosegur: We've shut our IT network after Ryuk ransomware attack

Prosegur's website is back online but customers are complaining that alarms remain offline.
Written by Liam Tung, Contributing Writer

Spanish multinational cash logistics and private security company Prosegur said Wednesday it had shut down its IT network to mitigate a Ryuk ransomware infection. 

The company's website was offline Wednesday afternoon but it confirmed via a Twitter post that it had experienced a "security information incident in its telecommunications platforms". 

A few hours later Prosegur confirmed it had taken "maximum security measures" to stop Ryuk ransomware from spreading internally and externally.

"Prosegur reports that the incident detected today corresponds to a generic attack, caused by the Ryuk ransomware. The company has enabled maximum security measures to prevent the spread both internally and externally of the virus," it said.

SEE: 10 tips for new cybersecurity pros (free PDF)

According to UK security researcher Kevin Beaumont, the first reports of the ransomware attack came in at about 5am GMT. Prosegur's worldwide IT network was reportedly shut down and its employees were sent home. However, the company has not confirmed this.      

Prosegur is one of the world's largest providers of armored vehicles for transporting cash between banks and automatic teller machines (ATMs), retailers, and restaurants. The company has 170,000 employees and operates in Europe, USA, Latin America, and Asia Pacific.

The company's cash business operates a fleet of 10,000 security vehicles and manages 100,000 ATMs worldwide. Its alarm business operates in nine countries and supports more than 550,000 alarms. 

Ryuk ransomware has been associated with multimillion-dollar ransom demands targeting US state and local governments. This month alone Ryuk infected 400 veterinary hospitals operated by California-headquartered National Veterinary Associates and a Wisconsin-based Virtual Care Provider, which provides IT services to 110 nursing homes in the US, as per Krebsonsecurity.com.    

While much of Prosegur's website has been restored, its media page remains unavailable. Beaumont pointed out this morning that a day after the attack customers are reporting on Twitter that alarms are not working.

ZDNet has contacted Prosegur for comment and will update the story if it receives a response. 

Editorial standards