Cash-moving giant Prosegur knocked offline by Ryuk ransomware

Spanish multinational security and cash management firm Prosegur said Wednesday it had been hit by a cyberattack involving the notorious Ryuk ransomware. 

Prosegur’s website was offline for much of Wednesday afternoon but confirmed via a Twitter post that it had experienced a “security information incident in its telecommunications platforms”.  

The company later said its computer network was infected by Ryuk ransomware, and suggested that it had shut down its entire network until it had addressed the situation. Ryuk ransomware is bad news. It's been used in dozens of high-value dollar ransom demands against US local government organizations for the past year. 

Attackers also used Ryuk to encrypt computers at Victoria’s Gippsland Health Alliance and the South West Alliance of Rural Health in October. And this week Ryuk ransomware locked up computers at 110 nursing homes in the US as part of a massive $14 million ransom bid, Krebsonsecurity reported.  

Prosegur is one of the world’s main providers of armored vehicles for transporting cash between banks and automatic teller machines (ATMs), retailers, and restaurants.

The Spanish security firm launched Prosegur Australia in 2013 after acquiring Chubb Security and earlier this month the firm acquired all of Westpac’s non-branch automatic teller machines. Prosegur has operations across Europe, North America, Latin America and Asia.

Telegram posts from Prosegur customers shared by UK security researcher Kevin Beaumont stated that Prosegur’s global network was down following the incident.     

At 6pm GMT Prosegur confirmed in a tweet it had been impacted by the Ryuk ransomware, some 12 hours after the first reports emerged of it being impacted by a ransomware attack. 

“Prosegur reports that the incident detected today corresponds to a generic attack, caused by the RYUK ransomware. The company has enabled maximum security measures to prevent the spread both internally and externally of the virus,” it said,   

Prosegur’s website and contact details were unavailable at the time of publishing. CSO Online has reached out to Prosegur for a response.