Home News Ryuk Ransomware-for-BTC Shuts Down Armored Vehicle Cash Transport Firm Prosegur

Ryuk Ransomware-for-BTC Shuts Down Armored Vehicle Cash Transport Firm Prosegur

TL;DR: Last week, armored vehicle cash transport security firm Prosegur announced a “security information incident,” resulting in restricting communications with customers “to avoid any propagation.” A cybersecurity expert was able to determine Ryuk ransomware was involved, a virus that, once installed, demands BTC in exchange for decryption. 

Ryuk Ransomware Shuts Down Prosegur

“Prosegur appear to be in a hell of a mess,” 20-year cybersecurity veteran Kevin Beaumont of OpenSecurity.global characterized the situation. “I’ve been monitoring social media posts and staff outside Spain in multiple offices report Ryuk ransomware on systems and outage of all services, so I’m guessing they have a common AD [(Active Directory)] domain.” Ryuk alone is reportedly responsible for a substantial increase in ransomware cases this year, ravaging susceptible online services while racking up millions in BTC from desperate victims.

Indeed, Presegur is a global transport security firm based out of Spain with something on the order of 170,000 employees worldwide — a prime, “big game,” target. Beaumont began collecting communications from company staff among one another on various social media, determining employees had been sent home after “big game ransomware” was discovered “around 5am local time.” Shortly after, the Spanish giant confirmed Ryuk as the culprit, and then restricted “all communications.” At one point the entire company website was offline as a precaution.


As the day wore on, Beaumont found “customers and resellers are taking to Twitter saying alarms aren’t working and resellers saying they’re getting abusive calls from their customers. An entire ecosystem of security and cash handling services are up in the air.” By the 28th, however, the company released another statement, assuring the ransomware had been “fully contained” and services were being restored.

Beaumont wasn’t so sure. “That statement reads like everything is fine,” he noted, “but, well… yeah. They’re going to be rebuilding AD and restoring things for a while, realistically. Governments need to put more focus on the various big game ransomware people.” He later observed, “Prosegur tweeted out a carefully worded statement yesterday saying the incident was basically resolved, but they’re facing furious anger from customers across different social media platforms for one slight issue: the incident isn’t near over, they don’t even have basic services.”


CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.

DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.