Search This Blog

Showing posts with label Spain. Show all posts

Spanish Government Witnesses Cyber Attack


Earlier this morning, the Ministry of Labour and Social Economy of the Spanish government witnessed a cyber-attack. At the moment, Ministry did not comment on the specifications, nature, and severity of the attack. 

According to the official website of the department, the Ministry organizes and supervises Spain’s employment work, social economy, and look after social responsibility policies. This Ministerial Department has an annual budget of around €39 million. 

In the wake of the attack, the IT cyber-researchers at the department – an agency within Spain’s National Intelligence Centre from the National Cryptological Centre together with the Spanish Ministry of Labor and Social Economy (MITES) are investigating the attack and working to restore services. 

“The Ministry of Labor and Social Economy has been affected by a computer attack…” 

“…The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible," MITES’ media office said earlier today. 

After the cyber-attack the official website of the Ministry was still accessible, however, the communications office and the multimedia room were down. 

"The computer attack that the Ministry of Labor and Social Economy has suffered has NOT affected the operation of the State Public Employment Service, The Electronic Office, the website, and the set of services continue to be provided normally,"  SEPE reported. 

Furthermore, a government agency of the Spanish, Servicio Público de Empleo Estatal (SEPE) – a part of MITES that took a severe hit by ransomware in March due to which the services of the department were inaccessible for around two weeks – reported that it was not affected by the cyberattack. 

According to the resources, the SEPE department was hit by a Russian Ryuk ransomware gang on March 09, 2021.  As a result, over 700 agency offices across Spain were badly impacted. Besides, the agency’s workstations, the ransomware attack had impacted remote working stations of the department. It should be noted that the Spanish labor agency is the only ministry that has been hit by a ransomware attack in Spain.

Ryuk Ransomware Hits Spain's Employment Agency


The Spanish State Employment Service (SEPE) has been targeted by a ransomware attack which has resulted in hundreds of offices being knocked offline. According to Central Independent Trade Union and Civil Servants, the ransomware attack on SEPE has affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments.

SEPE is a Spanish government agency for labor that provides employment opportunities to the public. The ransomware is said to have spread beyond SEPE’s workstations and also targeted the agency’s remote working employees’ devices. 

The SEPE published a note on their website which said, “currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to the citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.” 

According to Business Insider Spain, the cyberattack is the work of Ryuk ransomware. Ryuk is a ransomware-as-a-service (RaaS) group that’s been active since August 2018 and is known for running a private affiliate program. In this program, affiliates can submit applications and resumes to apply for membership. The threat group has targeted several organizations over the past year, such as Universal Health Services.

Gerardo Gutiérrez, director of SEPE confirmed that the agency’s network systems were encrypted by the Ryuk ransomware operators after the incident. “Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” he further added. 

According to Central Sindical Independiente y de Funcionarios (CSIF), the attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be delayed. The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops.