Theme park giant Parques Reunidos hit by a ransomware cyber attack

Madrid-based Parques Reunidos group has disclosed a cybersecurity incident this week. Threat actors behind the incident claim to possess over 1 TB of the company’s sensitive data.

Parques Reunidos is among the world’s largest leisure and adventure park operators, with 50 properties, including aquariums, amusement parks, zoos, and water parks across Europe, the Americas, and Australia. The group reportedly rakes in annual revenue anywhere between $600 million and $2.3 billion.

Systems suffered ‘unauthorized external access’

In a cybersecurity incident notice published this week, Parques Reunidos has disclosed that threat actors gained unauthorized access to its IT systems, as the company continues with its forensic investigations into the incident.

“At Parques Reunidos Group we are committed to transparency and therefore, we share with you that we have been subjected to an unauthorized external access to our computer systems,” states the notice.

“Upon learning of the incident, we immediately adopted technical and organizational measures to contain it and to prevent further unauthorized external access: appointment of forensic specialists and cybersecurity experts to investigate the incident and reinforce the security of our data, immediate shutdown of affected systems, immediate blocking of users with affected information systems, blocking of remote access connections (VPN), temporary isolation of the data center, blocking of passwords to access information systems for all users of the organization.”

Further, the organization took additional measures including tightening of access controls for certain user groups, expanding its collection sources for ingesting log events, as well as raising cybersecurity awareness among its employees.

The Spanish Data Protection Authority (AEPD) was notified of the development, and Parques Reunidos states that it is “fully cooperating” with the authorities.

Parques Reunidos maintains an extensive presence as an entertainment operator around the world. Some of the company’s U.S.-based properties include Adventureland, Castle Park, Kennywood, and Dutch Wonderland. In 2016, the adventure park giant undertook the management of UAE-based ‘Motiongate Dubai,’ a Hollywood-inspired theme park.

Bian Lian ransomware claims responsibility

Around March 3rd, 2023, a ransomware group that goes by the name ‘Bian Lian’ claimed responsibility for the cyber attack. This development was first brought to our attention by Israel-based cybersecurity intel feed provider DarkFeed and threat intel analyst Dominic Alvieri.

On its data leak site, seen by Security Report, Bian Lian claims to have stolen more than 1 terabyte (TB) of data belonging to Parques Reunidos. A sample data set earlier shared by Bian Lian via a third-party file hosting website is no longer available. As such, Security Report is unable to verify the ransomware group’s claims at this time.

BianLian data leak Tor site states the group has over 1 TB of stolen data

The ransomware operator claims to hold personal information on the company’s employees, including their ID document and passport scans, client information, medical test reports and certifications, legal and tax documents, sensitive financial records as well as internal and external email communications.

Parques Reunidos has not disclosed the size of the ransom demand or whether the company will pay it.

Security Report has approached Parques Reunidos with additional questions prior to publishing. We did not immediately hear back. This piece will be updated as more information becomes available.

Ax Sharma

Ax Sharma is a Security Researcher and Tech Reporter. His works and expert analyses have frequently been featured by leading media outlets including the BBC, Business Insider, Fortune, TechCrunch, TechRepublic, The Register, and WIRED, among others. Ax's expertise lies in vulnerability research, malware analysis and reverse engineering, open source software, and scam investigations. He's an active community member of the British Association of Journalists (BAJ) and the Canadian Association of Journalists (CAJ).
