Telefonica, other Spanish firms hit in "ransomware" attack

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-security conference in Las Vegas, Nevada, U.S. August 3, 2016. REUTERS/David Becker

MADRID (Reuters) - Spain said on Friday a large number of companies, including telecommunications giant Telefonica (TEF.MC), had been infected with malicious software known as "ransomware" which locks up computers and demands ransoms.

The hacking was carried out as hospitals and doctors' surgeries in England were forced to turn away patients and cancel appointments on Friday after a ransomware attack crippled some computer systems in the state-run health service.

Portugal Telecom was also hit by a cyber attack but no services were impacted, a spokeswoman for the company said.

In Spain, the attacks did not disrupt the provision of services or network operations, the government said in a statement. Telefonica said the impact of the attack was limited to some computers on an internal network and had not affected clients or services.

Security teams at large financial services firms and businesses were reviewing plans for defending against ransomware attacks, according to executives with private cyber security firms.

Although cyber extortion cases have been rising for several years, they have to date targeted small- and mid-sized organizations, disrupting services provided by hospitals, police departments, public transport systems and utilities in the United States and Europe.

"Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations," Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

This was also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

"Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks," Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of "a massive ransomware attack." It said hackers used a version of a virus known as WannaCry that targets Microsoft Corp's (MSFT.O) widely used Windows operating system.

Iberdrola (IBE.MC) and Gas Natural (GAS.MC), along with Vodafone's unit in Spain (VOD.L), asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

It was not immediately clear how many Spanish organizations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.

"News (of this attack) has been exaggerated and our colleagues are working on it right now," Telefonica Chief Data Officer Chema Alonso, a well-known cyber security expert, said on Twitter.

A window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files, a Telefonica spokesman said.

(Fixes spelling of name in paragraph 8 to Camacho from Comacho)

(Reporting by Carlos Ruano and Jose Rodriguez in Madrid; Additional reporting by Jim Finkle in Toronto; Writing by Sarah White and Angus Berwick; Editing by Janet Lawrence)