The State Public Employment Service (SEPE) this Tuesday joined the list of organizations and companies hit by ransomware, a virus that hijacks computers for a ransom. The main suspect is Ryuk, a malicious program that has targeted hundreds of public bodies in the US and has also been a headache for many Spanish municipalities and public bodies. The CEO of the cybersecurity company Sophos Iberia, Ricardo Maté, has warned that similar attacks on public organizations are being reported from other European countries.
Ryuk appeared in August 2018 and is run by a Russian group called Grim Spider, according to the consulting firm CrowdStrike. "It is a very well organized group," explains Daniel Creus, senior analyst at Kaspersky Spain. "They are dedicated to what we call big game hunting, that is, they look for prey like large corporations or administrations." The appearance of .ryuk files in the attack almost certainly points to this virus, according to Creus. Ryuk has been associated with previous infections from one of the most important botnets of the last decade, known as Emotet, responsible for the malicious program of the same name that has infected thousands of computers around the world. The Emotet leadership was dismantled at the beginning of this year.
“The incident suffered by the SEPE,” says Maté, “constitutes one more example that cybercriminals continue to improve their techniques, tactics and procedures for attacking all types of companies and public bodies. Thus, in recent weeks and months, security breaches such as the one suffered by Microsoft last week have been made public, which demonstrate the effectiveness of cybercriminal groups and can affect hundreds of thousands of companies.”
In Spain, the first to experience the virulence of Ryuk was the City of Jerez. In October 2019, the town hall suffered an attack by this virus that, as happened this Tuesday at the SEPE, forced a switch from computers to paper, from online procedures to in-person ones, and from the speed of the network to face-to-face patience. A month later, Cadena SER (owned by the EL PAÍS publishing group) and the consulting firm Everis also suffered a similar attack. Both companies turned to the National Cybersecurity Institute (Incibe). Last October, the FBI, the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of a threat of computer attacks against hospitals and healthcare providers in the United States.
What is done in these cases? "The incident at the SEPE is very recent," says Creus, "so the technicians will be carrying out the so-called rapid response: first isolating all affected parts and then mitigating: shutting down systems, analyzing persistence points and starting to restore healthy machines." "It is easy for a reinfection to reproduce," Creus warns. If there is no data loss (as appears to be the case), the incident is resolved, although full resolution can take weeks. If there is data theft, the door is opened to the payment of a ransom.
“Our recommendation is to always keep the systems updated,” Maté adds. "Maintaining, and even trying to protect, versions of operating systems that have been more than obsolete for years does nothing more than make things easier for a potential attacker, no matter how much effort is put into protecting these computers."
Gerardo Gutiérrez, director of the SEPE, has assured Cadena SER that they are currently analyzing the information to find out "what" they are facing, although he has sent a message of "absolute tranquility": "Confidential data is safe." In addition, he has assured that the incident "is not affecting the payroll system" so that "the benefit will continue to be received without problem." "People who have to do paperwork are being called to solve the issue by phone or postpone the appointment. A SEPE web space has been set up to be able to report on these incidents," he pointed out.
Source: Elpais