Spanish companies hit by Friday's cyber-attack left in limbo

Telecommunications provider Telefónica is one of the companies worst affected by the cyber-attack in the country.
Telecommunications provider Telefónica is one of the companies worst affected by the cyber-attack in the country. / Mariscal/ EFE
  • Many businesses in the country are still feeling the effects of the attack, with no indication of when and how the data withheld from them by the WannaCrypt malware will be retrieved

Last Friday's cyber-attack saw the WannaCrypt ransomware, a type of malicious software targeting Microsoft Windows computers, filter into several private and strategic sector companies in Spain, such as the telecommunications provider Telefónica.

The worldwide virus also affected several services in nations across the globe, including the United Kingdom, where the National Health Service continues to suffer ongoing disruptions.

Ransomware blocks access to data until a ransom of virtual money known as 'bitcoins' is paid to unlock and retrieve the data.

The Spanish government acknowledged on Monday that the damage caused by the malicious software is more widespread than initially expected, with around ten strategic industry companies thought to be affected in an attack which is now considered a national security problem.

While the government refused to release the names of the companies affected on Monday, for fear of another attack against them, sources close to the investigation believe that power stations and companies involved with public transport and communications, which failed to install the anti-virus software made available to all users by Microsoft on 14 March due to what has been described as “bureaucratic reasons”, have suffered the most damage from the hackers.

So far, Incibe, the national institute of cyber security, has identified just under 1,200 computers that have been attacked nationally, while 230,000 machines are thought to have been affected in 179 countries worldwide.

Cyber security companies in Spain only have figures about the WannaCrypt 'A' attack, which is a less aggressive, less harmful and more easily neutralised variant of the virus. This particular variant was stopped from spreading by two Britsh men, a cybersecurity researcher tweeting as @Malwaretechblog and Darien Huss, who works at the security firm Proofpoint, who together managed to activate the software's 'kill switch' by buying the website domain that the malware was making a request to.

However, there is no such solution for the 'B' variant, given that it does not contain a 'kill switch', which specialists at Telefónica, the Spanish telecommunications giant that suffered serious damage from the virus, discovered on Monday. A third variant has also entered into systems in Spain in the last 24 hours, but intelligence service specialists believe it is not as virulent as the 'B' variant.

Meanwhile, the government announced on Tuesday that it had no official statistics that could indicate the scale of the attack, and neither did it have the solution to retrieve all the locked data belonging to businesses across the country. Nevertheless, it has called for calm, believing it has the situation under control, although its most pressing matter is to contain the spread of the virus.

At a regional level, businesses and administrations in Malaga and the Junta de Andalucía escaped Friday's attack, but both have taken further precautionary measures. Various emails were sent out to officials at the Junta de Andalucía warning them to avoid opening messages from unrecognised email addresses, which could induce a virus into the system.

Reports on Tuesday morning suggested that the attack may have been carried out by the Lazarus Group, believed to have been behind the hack on Sony Pictures three years ago, which experts say had similarities to Friday’s attack. The group is also alleged to have links to North Korea.