SEPE, the Spanish government labor agency, shut down its IT systems due to a ransomware attack that hit more than 700 of its offices across Spain.
SEPE director Gerado Guitérrez confirmed that it was Ryuk ransomware that hit the agency’s network systems. Guitérrez said that personal data, payroll, and unemployment benefits were not affected after the ransomware attack.
Ryuk’s ransomware also managed to spread beyond the agency’s systems and into laptops of its remotely working staff.
“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices,” an announcement on its website reads.
The agency extended application deadlines for benefits “by as many days as the applications are out of service.” The agency says the benefits of the citizens are their top priority.
According to the agency, citizens’ confidential data is safe, the payroll generation system has not been affected, and unemployment benefits and ERTE “will be paid normally,” Guitérrez added.
Nevertheless, the attack postponed or delayed hundreds of thousands of appointments made through the agency, according to CSIF, a Spanish labor union of administration workers.
Ryuk is a ransomware-as-a-service (RaaS) group active since 2018 that is currently at the top of RaaS rankings. Its payloads account for about one-third of all ransomware attacks in the last year.
Most notorious was a series of attacks on the US healthcare system that started in November 2020.
Among the previous Spanish ransomware victims are Everis, a large managed service providers (MSP), Telefonica, one of the largest Spanish telecommunications companies, and Cadena SER, Spain’s largest radio station, that also had their computer systems encrypted in November 2019.