Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices

The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain.

“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices,” an announcement on the agency’s website reads.

“The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.”

SEPE director Gerado Guitérrez confirmed that the agency’s network systems were encrypted by Ryuk ransomware operators after the incident.

He also said that personal data, payroll, and unemployment benefits were not affected after the ransomware attack.

“Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” Guitérrez added.

However, the attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be delayed, according to CSIF (the Central Sindical Independiente y de Funcionarios), a Spanish labor union of administration workers.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops.

Ryuk is ransomware-as-a-service (RaaS) group active since at least August 2018 known for running a private affiliate program where affiliates can submit applications and resumes to apply for membership.

Ryuk is currently at the top of RaaS rankings, with payloads delivered by its affiliates discovered in about one in three ransomware attacks throughout the last year.

The gang’s affiliates have hit roughly 20 companies every week during the third quarter of 2020, and, beginning with November 2020, they coordinated a massive wave of attacks on the US healthcare system.

The Spanish labor agency is not the high-profile Spanish ransomware victim. Everis​, one of Spain’s largest managed service providers (MSP), and Cadena SER (Sociedad Española de Radiodifusión), Spain’s largest radio station, also had their computer systems encrypted in a November 2019 ransomware attack.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Telefonica, one of the largest telecommunications companies in the works, was also hit by WannaCry ransomware attack during the 2017 outbreak that made tens of thousands of victims worldwide.