Telefónica, the Spanish telecommunications giant, is reportedly being forced to shut down computers after its corporate networks were hit with a ransomware cyberattack. On 11 May, several media outlets in the region claim to have verified the hack via several employees.
Sources claim the attackers are now demanding the equivalent of $300 (€274) in bitcoin in exchange for the corporate files being decrypted – a common ransomware tactic. Reports indicate employees and all "external partners" of the firm have been told to shut down their computers.
The attack reportedly hit computers at the company headquarters, which is located at Gran Vía in Madrid.
Sources claimed the cyberattack impacts "several hundred employees" however exact numbers remain unverified at the time of writing.
The attacks were part of a global cybercrime assault which, according to Kaspersky Lab, impacted more than 74 countries around the world.
According to El Confidencial, Telefónica bosses have already sent an email to all internal staff informing them of the cyberattack and how to react.
The title of the message stated: "Urgent: turn off your computer now." It contained the instruction: "Shut down the computer and do not restart it until further notice."
Multiple computer systems were reportedly left showing blue screens and errors due to a "network disconnection", while others displayed the hackers' ransom demand.
The message states the bitcoin ransom is required before 15 May. If the money is not transferred into a bitcoin wallet the hackers will then raise the amount. If Telefónica fail to pay up by 19 May the message claims the ransomware will completely erase all encrypted files.
According to news outlet El Mundo, Telefónica has admitted the attack took place but has stressed its customers will not be impacted.
The firm's slew of popular brands – which includes Movistar, O2 and Vivo – are not believed to be suffering any down-time, nor are the services' banking systems.
Telefónica is the umbrella brand of a variety of mobile, landline, internet and television telecommunication services and boasts more than 300 million customers in several countries.
El Mundo has reported that other large Spanish firms, including Iberdrola and Gas Natural, have also been targeted. Employees at Iberdrola, an electric utility company, have been asked to shut down their computer and stop working, however the scale of the alleged attack remains unclear.
Gas Natural, also based in Madrid, received the same bitcoin demand, the newspaper added.
Spain's National Cryptology Centre has confirmed a "large number" of firms had been targeted. "There has been an alert relating to a massive ransomware attack on various organisations, which is affecting their Windows systems," it said in an advisory.
The notice continued: "The ransomware, a version of WannaCry, infects the machine by encrypting all its files and [...] is distributed to other Windows machines on the same network."
The hackers are reportedly exploiting a critical vulnerability (MS17-010) which first received a patch on 14 March. "The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages," Microsoft warned at the time.
- Microsoft Windows Vista SP2
- Windows Server 2008 R2 and R2 SP1
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012 and R2
- Windows 10
- Windows Server 2016
Telefonica's chief data officer, Chema Alonso, told Reuters via Twitter: "News (of this attack) has been exaggerated and our colleagues are working on it right now."
IBTimes UK contacted Telefónica for comment however had received no response at the time of publication. Spanish news outlet eldiario.es has published images of the computers' blue screen text and also pictures of the ransomware demands.