Ransomware Attack Reportedly Cripples European Call CenterCanal de Isabel II Suspends Its Telephone Services
GSS, the Spanish and Latin America division of Europe's largest call center provider -Covisian, has informed customers that it has been subjected to a ransomware attack that froze its IT systems and crippled call centers across its Spanish-speaking customer base, according to media reports.
Vodafone Spain, the Masmovil ISP, Madrid’s water supply company, television stations, and many private businesses are among the affected services, a source familiar with the attack told The Record.
Canal de Isabel II also announced the suspension of its telephone service, after an alleged ransomware attack at Covisian Group. In a statement, however, the company notes that the cyberattack did not affect its servers or databases.
The Record, which published the customer letter, describes the call center giant as one of Europe’s largest customer care and call center providers.
A spokesperson for Canal de Isabel II, Covisian Group did not immediately respond to an Information Security Media Group request for comment on the media reports.
The letter sent to affected customers notes that the GSS officials took down all affected internal systems and are currently using Google-based systems as an alternative. "None of the applications will be working until the incident is resolved," it says.
A Covisian spokesperson confirmed to Europa Press that the attack was carried out by the Conti gang on Saturday, Sept. 18.
In addition, Europa Press states that the company says it has followed all the security protocols and so far there have been no reports about any personal data leaking.
To guarantee data protection, the services that could be affected were interrupted, Canal Isabel II says. On its Instagram account, it says it "temporarily suspends" its commercial telephone service due to "an incident unrelated to" the company.
The company also said that customers can use the app, the virtual office or email.
In February 2019, Covisian, which is controlled by the Aksìa Capital IV fund, announced the acquisition of the GSS Group for an undisclosed amount as part of its expansion plans.
Conti is one of a number of Russian-speaking ransomware operations, believed to be operating from countries that were formerly part of the Soviet Union, that have continued to hit a number of targets in the U.S. and Europe, causing devastation (see: Conti Ransomware Attacks Surging, US Government Warns)
In a typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment. But Covisian says there was “no evidence of leakage of any personal data” and that the incident did not affect any of its customers and the attack was limited to GSS’ network, although it provides customer support services to other European countries.
Ransomware incident response firm Coveware reports that based on thousands of incidents it helped investigate from April to June, Conti was the second-most-prevalent ransomware it encountered, following Sodinokibi, aka REvil. Coveware said that while Sodinokibi accounted for 16% of all incidents with which it assisted, Conti accounted for 14%.
Conti is known for operating a dedicated data leak site where it can first post a victim's name and then begin leaking data, to increase the pressure to pay for a decryptor or for stolen data to be deleted.
Earlier this week, the U.S. government, which has been tracking an increase in the pace of attacks tied to Conti ransomware, urged organizations to ensure they have robust defenses in place.
A joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warns that Conti has so far successfully hit more than 400 organizations based in the U.S. and abroad.
To better secure against Conti attacks, the alert recommends a range of defenses, including "implementing the mitigation measures described in this advisory, which include requiring multi-factor authentication, implementing network segmentation and keeping operating systems and software up to date."