Early Monday morning on the 4th of November, two Spanish companies, Everis (an IT consulting firm) and Cadena SER (Spain's largest radio network), were simultaneously hit with ransomware. While the ransomware family used against Cadena SER has not been identified, Everis has confirmed that it was hit with BitPaymer. BitPaymer is typically distributed through malicious emails carrying Dridex, which the threat actors use to gain an initial foothold in the network and maintain persistence. Once that foothold is established, they perform full reconnaissance of the environment and harvest Active Directory credentials. From there, the threat actors deploy BitPaymer.
By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in