Security firm Prosegur: We've shut our IT network after Ryuk ransomware attack

Prosegur's website is back online but customers are complaining that alarms remain offline.

We are losing the ransomware fight: This is why An analysis of ransomware reporting over the past six months shows that while there's a big focus on big targets, going after individual users is still very popular.

Spanish multinational cash logistics and private security company Prosegur said Wednesday it had shut down its IT network to mitigate a Ryuk ransomware infection. 

Ransomware: An executive guide to one of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC is infected.

Read More

The company's website was offline Wednesday afternoon but it confirmed via a Twitter post that it had experienced a "security information incident in its telecommunications platforms". 

A few hours later Prosegur confirmed it had taken "maximum security measures" to stop Ryuk ransomware from spreading internally and externally.

"Prosegur reports that the incident detected today corresponds to a generic attack, caused by the Ryuk ransomware. The company has enabled maximum security measures to prevent the spread both internally and externally of the virus," it said.

SEE: 10 tips for new cybersecurity pros (free PDF)

According to UK security researcher Kevin Beaumont, the first reports of the ransomware attack came in at about 5am GMT. Prosegur's worldwide IT network was reportedly shut down and its employees were sent home. However, the company has not confirmed this.      

Prosegur is one of the world's largest providers of armored vehicles for transporting cash between banks and automatic teller machines (ATMs), retailers, and restaurants. The company has 170,000 employees and operates in Europe, USA, Latin America, and Asia Pacific.

The company's cash business operates a fleet of 10,000 security vehicles and manages 100,000 ATMs worldwide. Its alarm business operates in nine countries and supports more than 550,000 alarms. 

Ryuk ransomware has been associated with multimillion-dollar ransom demands targeting US state and local governments. This month alone Ryuk infected 400 veterinary hospitals operated by California-headquartered National Veterinary Associates and a Wisconsin-based Virtual Care Provider, which provides IT services to 110 nursing homes in the US, as per Krebsonsecurity.com.    

While much of Prosegur's website has been restored, its media page remains unavailable. Beaumont pointed out this morning that a day after the attack customers are reporting on Twitter that alarms are not working.

ZDNet has contacted Prosegur for comment and will update the story if it receives a response.