The network systems of the State Public Employment Service (SEPE) were taken down temporarily after a ransomware attack hit more than 700 agency offices across Spain. In an official statement, the SEPE director Gerardo Guitérrez claimed that Ryuk ransomware operators were behind the security incident. Reportedly, the attackers encrypted the systems with Ryuk ransomware. However, Guitérrez clarified that payroll information, unemployment benefits, and other personal data were not affected by the ransomware attack.
SEPE is a Spanish government agency for labor that provides employment opportunities to the public. The ransomware attack disrupted hundreds of thousands of users who had their appointment scheduled with the agency. The ransomware is said to have spread beyond SEPE’s workstations and also targeted the agency’s remote working employees’ devices.
“Currently, work is being done to restore priority services as soon as possible, among which is the portal of the State Public Employment Service, and then gradually other services to citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits. Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” Guitérrez said.
Ryuk Ransomware Gang Made Over $150 Mn
Ryuk is a ransomware-as-a-service (RaaS) active since August 2018. The group attacked more than 20 health care organizations last year. A series of Ryuk ransomware attacks targeted multiple hospitals in the U.S. Cybercriminals compromised critical network systems across six hospitals in a single day. A recent analysis found that the Ryuk ransomware operators earned more than $150 million worth of Bitcoins from ransom payments after their cyber intrusions globally.