11 March 2021

Spanish government hit by Ryuk ransomware attack


The IT systems of the Servicio Público de Empleo Estatal (SEPE), the Spanish government employment service, have been taken offline following a Ryuk ransomware attack that affected over 700 of the agency’s offices across the country.

Due to the incident, users have not been able to access the agency’s website, and hundreds of thousands of appointments made through the agency throughout Spain had to be postponed. Furthermore, the infection spread beyond SEPE's workstations and reached the laptops of the agency's remote working staff.

“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits,” reads the announcement on the SEPE’s website.

SEPE director Gerardo Gutiérrez Ardoy confirmed that the agency was hit by the Ryuk ransomware, but said that personal data, payroll, and unemployment benefits were not impacted by the attack.

Ryuk is a ransomware family first discovered in August 2018. It usually targets high-profile organizations likely to pay steep ransom demands. The ransomware is delivered via spam emails and is able to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint, making it impossible for users to restore their files without external backups. According to researchers at The DFIR Report, operators of the Ryuk ransomware need only 29 hours to compromise a network and encrypt systems within it.
