The IT systems of the Servicio Publico de Empleo Estatal (SEPE), the Spanish government employment service, have been taken offline following a Ryuk ransomware attack that affected over 700 agency’s offices across the country.
Due to the incident users have not been able to access the agency’s website and hundreds of thousands of appointments made through the agency throughout Spain had to be postponed. Furthermore, the infection spread beyond SEPE's workstations and has reached the agency's remote working staff's laptops.
“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits,” reads the announcement on the SEPE’s website.
SEPE director Gerardo Gutiérrez Ardoy confirmed that the agency was hit by the Ryuk ransomware, but said that personal data, payroll, and unemployment benefits were not impacted by the attack.
Ryuk is a ransomware family first discovered in August 2018. It usually targets high-profile organizations likely to pay steep ransom demands. The ransomware is delivered via spam emails and is able to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint making it impossible for users to restore their files without external backups. According to The DFIR Report researchers, operators of the Ryuk ransomware need only 29 hours to compromise a network and encrypt systems within it.