SEPE, the Spanish government agency for labor systems were taken down following a ransomware attack. 

Ryuk is a ransomware-as-a-service (RaaS) group that’s been active since August 2018 and is known for running a private affiliate program. In this program, affiliates can submit applications and resumes to apply for membership.

Ryuk is at the top of the RaaS rankings, having payloads delivered by its affiliates. The gang’s affiliates were attacking approximately 20 companies every week in the last months of 2020, and, beginning with November 2020, they coordinated a massive wave of attacks on the US healthcare system.

The attack was aimed at the systems of SEPE, which is the Spanish government agency for labor. The systems were taken down following a ransomware attack that affected more than 700 agency offices across Spain.

Official sources from the agency declared that:

“Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices and the application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.”


Gerardo Guitérrez, the director of SEPE confirmed that the agency’s network systems were encrypted by Ryuk ransomware operators after the incident. 

He declared that the personal data, payroll, and unemployment benefits wereransomware attacks not affected after the ransomware attack. 

“Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally.” 

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Unfortunately, the attack has made hundreds of thousands of appointments made through the agency throughout Spain to be delayed, and it had spread beyond SEPE’s workstations and reached the agency’s remote working staff’s laptops. 

Ryuk Ransomware: Origins, Operation Mode, Mitigation

Ransomware-as-a-Service (RaaS) – The Rising Threat to Cybersecurity

New Ryuk Ransomware Hacking Techniques Revealed

Ryuk Ransomware Now Self-Spreads to Other Windows LAN Devices

Leave a Reply

Your email address will not be published. Required fields are marked *