Spain’s State Public Employment Service Hit by Ryuk Ransomware Attack

The Spanish government’s labor agency, the State Public Employment Service (SEPE), was forced to shut down its systems after a ransomware attack that affected more than 700 agency offices in Spain.

Gerardo Gutiérrez, SEPE Director, declared that the agency's network systems had been targeted by the Ryuk ransomware group.

He added that the ransomware attack had no impact on payroll, unemployment benefits, and personal records.


“Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” Gutiérrez added.

As per the Central Sindical Independiente y de Funcionarios (CSIF), a Spanish labor union for administrative employees, the attack has interrupted several appointments made by the organization across Spain.

The ransomware even reached beyond SEPE’s workstations, infecting the laptops of the agency’s remote staff.

According to the agency’s website announcement, “Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices.”

“The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.”

Operating since August 2018, Ryuk is a ransomware-as-a-service (RaaS) group. It is known for having a private affiliate program, in which affiliates register for membership by submitting applications and resumes.

Ryuk is reportedly leading the RaaS charts, with payloads distributed by its affiliates being found in nearly one out of every three ransomware attacks in the last year.

During the third quarter of 2020, Ryuk members attacked about 20 firms a week. Starting in November 2020, they also directed a series of major attacks on the US healthcare system.

The security incident at SEPE is the most recent cyberattack in Spain since the pandemic began. It is also particularly notable because the country’s economy has been affected by COVID-19, leaving four million people jobless.

The Spanish labor sector is not the most well-known ransomware target in the country. During the 2017 outbreak, WannaCry ransomware attacked Telefónica, one of the biggest telecommunications companies in the world.

In November 2019, a ransomware attack hit Spain’s largest radio station, Cadena Sociedad Española de Radiodifusión (SER), and one of Spain’s biggest managed service providers (MSP), Everis.