Cyber-attacks continue to be the order of the day. Companies and institutions are no exception. A new potential victim suffered an attack on March 9. And it was the case of the Public Employment Service SEPE in Spanish. Belonging to the Ministry of Labor and Social Economy of the Government of Spain. Being that the website and the electronic headquarters of the service stopped working.
According to investigations, so far the author of the attack is apparently the ramsware virus Ryuk. Previously, this malware has attacked American and Spanish companies and institutions. The modus operandi of this virus is to hijack information. Subsequently, cybercriminals ask for a “ransom” and in this way extort money from their victims. Ryuk appeared in August 2018 and a Russian group called Grim Spider is apparently behind it. The fact that .ryuk files appeared in the attack almost certainly points to the aforementioned virus, according to Daniel Creus, senior analyst at Kaspersky Spain.
During the day of the attack, the blocked service prevented employment offices from working. As a result, the SEPE suspended and postponed activities and procedures. Specifically, the 710 offices providing face-to-face service were paralyzed. So were the 52 telematic offices. As an immediate measure, the authorities shut down the computers of all employees. Subsequently, the institution requested assistance from the National Cryptologic Center.
Consequences of the cyber-attack
On Wednesday 10, the General Director of SEPE, Gerardo Gutiérrez , reported on the cyber-attack and the work to solve it: “The confidential data are safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally”. However, for the time being, services are still interrupted.. As of Friday 12th, the web page is now available.
“We are working to resolve the cyber-attack received as soon as possible”Gerardo Gutiérrez
SEPE is not able to anticipate when the service will be available again. Currently, they are working with the aim of restoring the priority services as soon as possible. Meanwhile, the SEPE insists that in no case this situation will affect the rights of the benefit claimants. Likewise, it will not be necessary to renew the employment claim. Despite these assurances and the efforts to clarify the attack, the community is still waiting. It is clear that cybercriminals are perfecting their techniques and scope with increasingly frequent and massive attacks. They put the integrity of large institutions and millions of people at risk.