CYBERSECURITY

How the WannaCry ransomware attack affected businesses in Spain

Experts believe many companies suffered from infected equipment, but most are keeping quiet

Spain was one of the first countries known to have been affected by the recent WannaCry cyberattack that froze up computers across the planet and asked for money in return for unlocking user files.

A screen shot of the WannaCry message demanding ransom in Taipei, Taiwan. EFE

This was due to the transparency of Telefónica, the Spanish telecoms giant, which confirmed the computer attack on Friday morning. Soon after that, news emerged that the WannaCry ransomware attack had crippled several hospitals in Britain’s public health system, infected computers at the shipping company FedEx and created trouble at Nissan and Renault car assembly plants.

China and Russia in particular were severely affected due to their heavy reliance on pirated software that is not subject to Microsoft’s periodic security updates, experts note. In Spain, the National Cybersecurity Institute (Incibe) confirmed on Monday that 1,200 computers were affected by two variants of WannaCry. Experts consulted by EL PAÍS describe this figure as “very low,” considering the impact detected at Spanish companies.

“I understand that Incibe does not give out figures that are based on estimates, but it makes no sense to talk about such a low infection rate when you have huge companies like Telefónica that were affected,” says Vicente Díaz, an analyst and security researcher at Kaspersky Lab, a multinational cybersecurity company.

“The impact was tremendous, because this cyber attack was designed to spread across companies. The bigger [the company], the worse [the impact],” said Sergio de los Santos, who is Innovation and Labs Leader at ElevenPaths, Telefónica’s cybersecurity unit.

Telefónica acknowledged last Friday that it had been affected by the cyberattack. Efe

“I think that a lot more [companies] were affected, but are keeping quiet about it,” he adds. “There is a lack of transparency, and I don’t think that’s the right way to go. The cyber attack happened on a global scale and it could have affected anybody. The fact that we were open about it helped in some way to contain it and to initiate an early investigation into what happened.”

De los Santos, who is personally involved in the Telefónica investigation, told EL PAÍS that the company is “100% operative and everything is back to normal,” even as “the investigation continues in partnership with the National Cryptology Center and Microsoft.”

Hospitals in trouble

One source who has insider information about several Spanish companies that were affected by the attack said, on condition of anonymity, that “one major hospital group is having a rough time right now. Everything has gone to hell.”

Most public hospitals in Spain have taken preventive measures. Health workers at the Salamanca Clinical Hospital and the Cruces University Hospital told this newspaper that several services on their internal network were affected by the cyber attack, but that patient treatment was in no way compromised. All the health centers consulted by this newspaper said their computers are running on the Windows 7 operating system, which still gets updates from Microsoft.

Unsolved mystery

The biggest mysteries – namely, how the first infections occurred, and why they all started on the same day in different parts of the world even though they spread through local networks – remain unsolved, notes this expert.

De los Santos also underscored that companies have trouble keeping up with software updates: “A month is an unmanageable time frame for many organizations. Big companies often have to test patches first to make sure that the products and services they offer will not be affected. Often there is no time for patches. You are always running a risk, and normally nothing serious ever happens – until it happens.”

This expert foresees that some companies will now take some proactive action on cybersecurity issues, but that once the ransomware attack becomes old news, “we will forget all about it, as usual. It happened in 2003, in 2008, and it will happen again.”

Vicente Díaz, of Kaspersky, concurs. “We never learn.”

English version by Susana Urra.
