Ransomware Attack Strikes Spain’s Employment Agency

Ransomware Attack

Reports say that the agency in charge of managing Spain’s unemployment benefits has been hit by the Ryuk ransomware.

The Spanish State Employment Service (SEPE) in Spain has been hit by a cyberattack, suspending its communications systems across hundreds of offices and delaying thousands of appointments.

SEPE is an “autonomous body” in Spain that manages and controls unemployment benefits. The cyberattack hit during an already strenuous time for the agency, which is dealing with an overflow of requests for unemployment benefits as the coronavirus pandemic has forced companies globally to make cuts to their workforces.

According to Spanish trade union Central Sindical Independiente y de Funcionarios (CSIF), the attack has has affected the organization’s 710 offices. The labor union claimed that the cyberattack stemmed from ransomware – however, further details about the attack, including its origin and the ransom demand, are unknown.

“The SEPE is being subjected to a security incident during which the availability of its information and communication systems has been affected,” according to a Google-translated version of a message on the SEPE’s website. “The first urgent actions carried out have been carried out as quickly as possible and with the main objective of containing the incident, isolating and, therefore, mitigating its impact on the SEPE systems.”

According to Business Insider Spain, the cyberattack is the work of the Ryuk ransomware. The threat group has hit a number of organizations over the past year, such as Universal Health Services.

CSIF said the incident has delayed the management of “hundreds of thousands” of appointments in Spain for those trying to file for unemployment benefits. SEPE, for its part, said that it is still working to manually process unemployment benefit requests and it is not necessary to renew requests.

“Currently, work is being done with the aim of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices,” said SEPE.

However, CSIF alleged that SEPE has been dragging its feet when it comes to technological investment for months, and relying on applications and computer systems with an “average age of about 30 years.”

“From CSIF, we regret the disruption that this problem is causing in users who had their appointment scheduled for today, both in person and online, who are being duly informed of the incident,” according to CSIF.

To this point, experts like Jigar Shah, vice president at Valtix, said that organizations need to be “forward-thinking” when it comes to securing their infrastructure and fending off ransomware threats.

“A lot of people are overly focused on the tactical response after a ransomware incident happens,” Shah told Threatpost. “Often, paying the ransom does not even let you recover as the attacker just vanishes and does not help free locked resources. At this point, the big costs are on how to recover and rebuild.”

Companies already battered by the pandemic continue to be dangerous targets when it comes to ransomware. A slew of hospitals worldwide have been hit by ransomware attacks, for instance, while ransomware threat actors also targeted schools already struggling with taking classes online.

Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community:

Suggested articles