The SER chain and the Everis technology consultancy suffered a cyberattack on November 4, 2019, that almost completely blocked all of their computer systems. The incident affected more Spanish companies but all of them preferred to remain silent. Like the National Institute of Cybersecurity of Spain (Incibe), the body of the Ministry of Economy, in charge of monitoring the network, admitted the attack but considered the information about those affected confidential.
The reason for this secrecy is that it was ransomware, a program that encrypts the files of the victims and asks for a financial ransom to allow their recovery. Specifically, the virus involved in the attack was Ryuk, managed by a Russian group called Grim Spider, according to the Crowdstrike consultancy, which had managed to raise more than 3.5 million euros in 52 transactions. The companies did not want their image to be splattered by blackmail, even through the network. For more details do visit Ryuk ransomware.
More information
Two years after the event, Everis has admitted that the cyberattack cost him millions. In the accounts for its last fiscal year 2019-2020 (closed on March 31, 2020) it has recorded extraordinary costs of 12.87 million euros due to the “sophisticated cyberattack suffered in November 2019, and which basically correspond to nonproduction and direct recovery costs, affecting the ordinary provision of the group’s activities ”, according to the accounts deposited in the Mercantile Registry.
However, to that amount should be added the additional loss of the corresponding business margin and other items, which raises the bill of the cyber attack to 15 million euros, indicated company sources, who point out that these losses do not include the payment of no ransom.
Upon suffering the attack, Everis had to send his employees home, whom he also asked not to open their computers or connect to the company’s internal network. The order came after detecting that when starting several computers black screens appeared with a warning that they had to pay to be able to regain access to the computers.
And it is that when a computer is infected by one of these viruses ransomware,, the user only sees a message that requests the payment of a certain amount to re-access the files on the computer. Furthermore, it can affect other computers connected to the same network.
Incibe and other organizations recommended that the company not pay the ransom required in these cases to recover the equipment and data stored in them. They claimed that paying, responding to this type of blackmail, does not guarantee the recovery of the files and that it only encourages these cyberattacks.
Among the clients that Everis serves are the European Commission, Banco Santander, Telefónica, La Caixa and Banco Sabadell. The group’s workforce amounts to 27,230 people, of which 12,770 are hired by group companies outside of Spain.
Millionaires loses
The provision and bad behavior of the new businesses caused the multinational business and technology consultancy belonging to NTT Data to register a net loss of 107.4 million euros in its last fiscal year 2019-2020 compared to profits of 30.6 million euros obtained in the previous year.
Most of these losses are explained by the extraordinary provisions made in the subsidiary Everis Iniciativas, which includes the new businesses, and which led to a net loss of 136.2 million euros.
Among the provisions and recognized losses, it is worth mentioning the recording of a provision of 105 million euros for open balances related to the Simulators business that the Aerospace and Defense division, belonging to Everis Iniciativas. The net amount of the turnover of 1,565 million euros, which represents an increase of 9.4% in relation to the previous year.