Cyberattack hits Spain’s Ministry of Labour and Social Economy on June 9

by | July 4, 2021 | Cybersecurity News

On June 9 this year, the Spanish Ministry of Labour and Social Economy (MITES) was hit by a cyberattack, only three months after a previous incident in March.

Having an annual budget of nearly €39 million, this ministerial department is in charge of coordinating and supervising Spain’s social economy, employment, and social responsibility policies of corporations.

MITES’ statements on the cyberattack

The department’s media office stated on June 9 that “The Ministry of Labor and Social Economy has been affected by a computer attack.”

The representatives added:

“The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible.”

Even though the ministry’s website was still up and running, in the aftermath of the attack both the communications office and the multimedia room were disabled.

The Spanish Servicio Público de Empleo Estatal (SEPE), part of the Ministry of Labor and Social Economy, was previously hit by a ransomware attack in March this year. The government agency said that the latest cyberattack hadn’t affected it:

“The computer attack that the Ministry of Labor and Social Economy has suffered has NOT affected the operation of the State Public Employment Service.”

“The Electronic Office, the website and the set of services continue to be provided normally.”

Not the first cyberattack targetted at MITES

The 9th is not a good day for the Ministry of Labour and Social Economy, as the latest cybernetic attack is coming shortly after the Ryuk ransomware attack.

It hit SEPE’s network exactly three months ago, on March 9, and impacted over 700 agency offices across Spain. The Ryuk attackers encrypted the agency’s network systems.

Ryuk has been active since August 2018 and it is a ransomware-as-a-service group (RaaS). It is known for running a private affiliate program, in which affiliates can apply for membership.

Ryuk targets large, public entities and encrypts data on an infected system, rendering it inaccessible to the users until a ransom is paid. The payment is made in untraceable Bitcoin. Ryuk is believed to be exploited by two or even more criminal groups. They are most likely located in Russia and target organizations, institutions, and companies rather than small individual consumers.

The agency announced at the time of the first attack that the ransomware had also spread beyond SEPE’s workstations and it had compromised the agency’s remote working employees’ devices. The systems were shut down after the ransomware attack that had affected more than 700 agency offices. This led to hundreds of thousands of appointments made through the agency being forcefully postponed.

Soon after the incident, the SEPE director Gerardo Gutiérrez confirmed the Ryuk group was indeed responsible for the encryption of the agency’s network systems.

The SEPE director also stated back then that payroll, personal information, and unemployment benefits were not compromised by the ransomware attack.

This one ransomware cyberattack is not a singularity as hackers had targetted a series of Spanish high-profile victims before. The target list includes Everis, a leading managed service provider from Spain, and Cadena SER (Sociedad Española de Radiodifusión), which is Spain’s largest radio station. They were affected by ransomware back in November 2019.

Another giant Spanish company, Telefonica, which is amongst the largest telecommunications companies worldwide, was also compromised by the WannaCry ransomware cyberattack. This occurred during a massive outbreak with tens of thousands of victims globally back in 2017.

Cyberattacks happen every minute of every day worldwide, and chances are high that large organizations get hit, as attackers are becoming bolder and bolder. Never underestimate the advantages of good antimalware software, but also good Cybersecurity Awareness training.


Bleeping Computer

Heimdal Security


Feature Image: Photo by Rotiv Artic on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.