11 March 2021

Spanish government hit by Ryuk ransomware attack


The IT systems of the Servicio Público de Empleo Estatal (SEPE), the Spanish government employment service, have been taken offline following a Ryuk ransomware attack that affected more than 700 of the agency’s offices across the country.

Due to the incident, users have not been able to access the agency’s website, and hundreds of thousands of appointments made through the agency throughout Spain had to be postponed. Furthermore, the infection spread beyond SEPE's workstations and reached the laptops of the agency's remote working staff.

“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits,” reads the announcement on the SEPE’s website.

SEPE director Gerardo Gutiérrez Ardoy confirmed that the agency was hit by the Ryuk ransomware, but said that personal data, payroll, and unemployment benefits were not impacted by the attack.

Ryuk is a ransomware family first discovered in August 2018. It usually targets high-profile organizations likely to pay steep ransom demands. The ransomware is delivered via spam emails and is able to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint, making it impossible for users to restore their files without external backups. According to researchers at The DFIR Report, operators of the Ryuk ransomware need only 29 hours to compromise a network and encrypt systems within it.
