Ransomware Attack in Spanish Radio Station and IT Company: Demanding 835,923 USD

BitPaymer Ransomware’s variant attacked Spanish’s IT provider: Spanish Radio Station hit by unknown attackers

According to report, Spanish IT provider and radio station both are currently suffering from Ransomware attacks resulting in file encryption. Everis as NTT DATA Company which is described as MSP (Managed Services Provider) and Cadena SER are facing file encryption on their respected machine. For those who are not aware, Ransomware developer or hacker has targeted earlier list of high-profile companies and government agencies and this malicious activities is continue to grow Ransomware attack at alarming rate. Let’s start the discussion about Spain’s Ransomware attack in detail.

Everis computer hit by Ransomware: Spanish IP provider & Radio station is targeted by hacker

At the moment, Everis has not confirmed that their System attacked by Ransomware. But report says i.e., leaked image shared by Bleeping Computer that states that ransom note displayed on Everis’s computer seems to conform the attack. As per our research, cybercriminals use specific ransomware to encrypt files of Everis’s computers. Based on ransom note, it is clear that Ransomware is belongs to BitPaymer Ransomware.

On other hand, attacker has modified all the files stored in Everis’s System by appending .3v3r1s File Extension and spreads ransom note on the screen as “[Filename extension +_readme].txt”. Further detail about this ransomware attack, the ransom note warns the users against disclosing the information to the public and asked them a ransom money of 835,923 USD in order to decrypt encrypted files.

Let’s take have at look at message displayed on ransom note:

Hello Everis.

Your network was hacked and encrypted.

No free decryption software is available on the web.

Email us at [email protected] (or) [email protected] to get the ransom amount.

Keep our contacts safe. Disclosure can lead to impossibility of decryption.

Please, use your company name as the email subject.



On other hand when we talk about Cadena Radio Station’s ransomware attack, it is not yet known what ransomware versions may have used to infect their network. Moreover, Spain’s department of Homeland Security has confirmed that Ransomware attack impacted Cadena SER who are helping the restore encrypted data. Let’s take have a look the statement of company:

The SER chain has suffered this morning an attack of a computer virus of the ransomware type, file encrypter, which has had a serious and widespread affectation of all its computer systems, The technicians are already working for the progressive recovery of the local programming of each of their stations,

You may also read: Titanium Backdoor Uses Multi-Stage Process to Target Asia-Pacific’s Users