How the WannaCry ransomware attack affected businesses in Spain
Experts believe many companies suffered from infected equipment, but most are keeping quiet
Spain was one of the first countries known to have been affected by the recent WannaCry cyberattack that froze up computers across the planet and asked for money in return for unlocking user files.
This was due to the transparency of Telef¨®nica, the Spanish telecoms giant, which confirmed the computer attack on Friday morning. Soon after that, news emerged that the WannaCry ransomware attack had crippled several hospitals in Britain¡¯s public health system, infected computers at the shipping company FedEx and created trouble at Nissan and Renault car assembly plants.
I think that a lot more [companies] were affected, but are keeping quiet about it Sergio de los Santos, cybersecurity expert
China and Russia in particular were severely affected due to their heavy reliance on pirated software that is not subject to Microsoft¡¯s periodic security updates, experts note. In Spain, the National Cybersecurity Institute (Incibe) confirmed on Monday that 1,200 computers were affected by two variants of WannaCry. Experts consulted by EL PA?S describe this figure as ¡°very low,¡± considering the impact detected at Spanish companies.
¡°I understand that Incibe does not give out figures that are based on estimates, but it makes no sense to talk about such a low infection rate when you have huge companies like Telef¨®nica that were affected,¡± says Vicente D¨ªaz, an analyst and security researcher at Kaspersky Lab, a multinational cybersecurity company.
¡°The impact was tremendous, because this cyber attack was designed to spread across companies. The bigger [the company], the worse [the impact],¡± said Sergio de los Santos, who is Innovation and Labs Leader at ElevenPaths, Telef¨®nica¡¯s cybersecurity unit.
¡°I think that a lot more [companies] were affected, but are keeping quiet about it,¡± he adds. ¡°There is a lack of transparency, and I don¡¯t think that¡¯s the right way to go. The cyber attack happened on a global scale and it could have affected anybody. The fact that we were open about it helped in some way to contain it and to initiate an early investigation into what happened.¡±
De los Santos, who is personally involved in the Telef¨®nica investigation, told EL PA?S that the company is ¡°100% operative and everything is back to normal,¡± even as ¡°the investigation continues in partnership with the National Cryptology Center and Microsoft.¡±
Hospitals in trouble
One source who has insider information about several Spanish companies that were affected by the attack said, on condition of anonymity, that ¡°one major hospital group is having a rough time right now. Everything has gone to hell.¡±
Most public hospitals in Spain have taken preventive measures. Health workers at the Salamanca Clinical Hospital and the Cruces University Hospital told this newspaper that several services on their internal network were affected by the cyber attack, but that patient treatment was in no way compromised. All the health centers consulted by this newspaper said their computers are running on the Windows 7 operating system, which still gets updates from Microsoft.
Unsolved mystery
The biggest mysteries ¨C namely, how the first infections occurred, and why they all started on the same day in different parts of the world even though they spread through local networks¨C remain unsolved, notes this expert.
De los Santos also underscored that companies have trouble keeping up with software updates: ¡°A month is an unmanageable time frame for many organizations. Big companies often have to test patches first to make sure that the products and services they offer will not be affected. Often there is no time for patches. You are always running a risk, and normally nothing serious ever happens ¨C until it happens.¡±
The impact was tremendous, because this cyber attack was designed to spread across companies
Sergio de los Santos, cybersecurity expert
This expert foresees that some companies will now take some proactive action on cybersecurity issues, but that once the ransomware attack becomes old news, ¡°we will forget all about it, as usual. It happened in 2003, in 2008, and it will happen again.¡±
Vicente D¨ªaz, of Kaspersky, concurs. ¡°We never learn.¡±
English version by Susana Urra.
Tu suscripci¨®n se est¨¢ usando en otro dispositivo
?Quieres a?adir otro usuario a tu suscripci¨®n?
Si contin¨²as leyendo en este dispositivo, no se podr¨¢ leer en el otro.
FlechaTu suscripci¨®n se est¨¢ usando en otro dispositivo y solo puedes acceder a EL PA?S desde un dispositivo a la vez.
Si quieres compartir tu cuenta, cambia tu suscripci¨®n a la modalidad Premium, as¨ª podr¨¢s a?adir otro usuario. Cada uno acceder¨¢ con su propia cuenta de email, lo que os permitir¨¢ personalizar vuestra experiencia en EL PA?S.
En el caso de no saber qui¨¦n est¨¢ usando tu cuenta, te recomendamos cambiar tu contrase?a aqu¨ª.
Si decides continuar compartiendo tu cuenta, este mensaje se mostrar¨¢ en tu dispositivo y en el de la otra persona que est¨¢ usando tu cuenta de forma indefinida, afectando a tu experiencia de lectura. Puedes consultar aqu¨ª los t¨¦rminos y condiciones de la suscripci¨®n digital.