There is still no very specific information but it seems the networks of Telefónica, Vodafone, BBVA and Capgemini are having a seizure for a few minutes and the alarm is being raised in the offices of these companies, telling their employees over the public address system to disconnect their computers from the internal network.
According to internal sources, it is about a serious attack that is compromising the integrity of networks of these companies and that apparently it is possible that it also affects other companies such as KPMG and HP although these cases are not yet confirmed.
The attack is from ransomware type which consists of a computer virus that encrypts information on computers affected by preventing their owners from accessing their contents to later request the payment of a ransom in exchange for removing said encryption. The usual channel for the payment of this type of ransom is through the virtual currency bitcoins, which makes tracking money extremely difficult. According to the data that is reaching us, it seems that at least 100 Telefónica computers could already be affected with the virus.
It is a problem that affects not only the headquarters of these companies but also all their subsidiaries and secondary offices, so we may be facing a problem of important dimensions. At the moment the big media have not echoed the news, although it is already beginning to appear various information on Twitter. Neither is there no official communication of the attack none of the affected companies or their directors.
Message from the Telefónica security team
The telephone security team is spreading this message so that all employees turn off the computer and do not turn it on under any pretext.
URGENT: TURN OFF YOUR COMPUTER NOW
The Security team has detected malware entering the Telefónica network that affects your data and files. Please notify all your colleagues of this situation.
Turn off the computer now and do not turn it on again until further notice (*).
We will send you an email that you can read through your mobile when the situation is normalized. In addition, we will inform you at the entrances of the buildings about access to the network.
If you have any questions, contact the Help Desk (29000)
(*) Disconnect the mobile from the WiFi network but you do not have to turn it off
Security Directorate
Employees have also been banned remove any type of computer material from its facilities.
Early sources indicate that the attack comes from china and that there are already more than 100 Telefónica computers where the message of the ransom payment has appeared. The company has communicated that the attack does not affect its customer service, which is still operational.
More companies and organizations affected?
According to the information that reaches us there are several companies such as Everis who are asking their employees to turn off the computersWe do not know if in the face of any evidence of attack or if only as a security measure, others such as Gas Natural Fenosa have also reported problems in their internal networks. A few minutes ago we got the first rumors of a possible infection in public bodies that affects protected data.
Telefónica assures that it already has the situation under control
Telefónica sources They claim to have the cyber attack under control and that its effects have not been as extensive as initially claimed. Apparently the virus has entered computers under a missing Windows update and has affected Windows 10 computers taking advantage of a serious security flaw.
The CCN-CERT confirms the attack
From the CCN-CERT "Massive ransomware attack that affects a large number of Spanish organizations" https://t.co/G0HRi77nZa pic.twitter.com/GE8hJGuvnQ
- Chema Alonso (@chemaalonso) May 12, 2017
From a tweet posted by Chema Alonso we discovered that the CCN-CERT has already echoed the attack on a large number of Spanish organizations.