Major Spanish firms among victims of massive global cyber attack

Authorities say steps taken to mitigate ransomware crisis in Spain but experts warn problem not over

Around a dozen major Spanish firms including former state telecommunications company Telefónica are among the victims of the worldwide malware attack which has affected over 150 countries and 200,000 Windows users in recent days.

Over 150 countries have been affected by the ransomware attack.
Over 150 countries have been affected by the ransomware attack.@fendifille/Twitter/PA | VÍDEO REUTERS
More information
How last week’s WannaCry ransomware attack affected businesses in Spain

The Spanish National Cyber Security Institute (Incibe) on Friday confirmed a number of Spanish firms had been affected by the WannaCry malware virus that locks down computers and demands users pay a ransom in the virtual currency Bitcoin for their machines to be unlocked.

Spanish telecommunications firm Telefónica was the largest victim of the cyberattack in Spain with the malware affecting the computers of personnel working at the central headquarters in Las Tablas, Madrid on Friday. The computer virus caused computers to crash, leaving blue screens and rendering devices useless.

The malware virus could gain new traction on Monday when people turn on their work computers

Hours later, the cryptology branch of Spain’s National Intelligence Center (CNI) confirmed that the virus was affecting a number of other organizations. “There has been a warning over a massive ransomware attack on a number of organizations and that affects Windows systems, encrypting all of their files and the network units to which they are connected, infecting the rest of the Windows systems on the said network,” the CNI said.

Unconfirmed reports were also being circulated on Friday that the same virus was affecting other companies in Spain, such as consultancy firm KPMG, bank BBVA, power company Iberdrola and telecoms giant Vodafone.

But Spain’s Industry Ministry later in the day issued a statement saying service provision had not been affected while Incibe also informed the public that the initial effects of the attack had been mitigated after the taking of preventative measures.

However, Europol Director Rob Wainwright on Sunday warned the virus could gain traction again on Monday when people turn on their work computers. Speaking to UK broadcaster ITV, Wainwright said that authorities were working on the hypothesis that criminals, and not terrorists, were responsible for the virus, adding that people should not pay the ransom requested.

At Telefónica, the incident did not have any effect on the systems that control the internet, fixed line and cellphone services that the company provides for its more than 15 million customers, a spokesperson told EL PAÍS on Friday.

Sources from the company said that “around a hundred computers” had been affected, although other, non-official sources spoke of many more, prompting an internal email to be sent out to all employees in the building instructing them to turn off their computers, “and not switch them back on until further notice.”

The internal communication from the company’s security team stated that “malware that affects your data and files has been detected as having entered the Telefónica network.” The memo called on the recipient to warn all colleagues of the situation, as well as instructing them to disconnect their cellphones from the corporate Wi-Fi network.

The former state telecommunications company is a Spanish multinational internet, telecommunications and television provider, and has 350 million customers across Europe, Asia, and North, Central and South America under brand names including Movistar, O2 and Vivo. It is the biggest Spanish multinational by market capitalization and one of the largest private telecoms companies in the world.

English version by Simon Hunter and George Mills.


More information

Archived In

Recomendaciones EL PAÍS
Recomendaciones EL PAÍS