{ "id": "6a6e1998-d0ac-4c97-ba21-7da287811eb6", "created_at": "2026-04-06T00:08:13.227818Z", "updated_at": "2026-04-10T13:11:58.6601Z", "deleted_at": null, "sha1_hash": "b0b6b1e10183d8f9aa4f0081e40d754954de09e7", "title": "Ryuk ransomware hits 700 Spanish government labor agency offices", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2977235, "plain_text": "Ryuk ransomware hits 700 Spanish government labor agency offices\r\nBy Sergiu Gatlan\r\nPublished: 2021-03-10 · Archived: 2026-04-05 18:02:22 UTC\r\nThe systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit\r\nmore than 700 agency offices across Spain.\r\n\"Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the\r\nportal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and\r\nemployment offices,\" an announcement on the agency's website reads.\r\n\"The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will\r\nthis situation affect the rights of applicants for benefits.\"\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nSEPE director Gerado Guitérrez confirmed that the agency's network systems were encrypted by Ryuk ransomware\r\noperators after the incident.\r\nHe also said that personal data, payroll, and unemployment benefits were not affected after the ransomware attack.\r\n\"Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and\r\nERTE will be paid normally,\" Guitérrez added.\r\nGuitérrez confirming the Ryuk attack\r\nHowever, the attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be\r\ndelayed, according to CSIF (the Central Sindical Independiente y de Funcionarios), a Spanish labor union of administration\r\nworkers.\r\nThe ransomware has also spread beyond SEPE's workstations and has reached the agency's remote working staff's laptops.\r\nRyuk is a ransomware-as-a-service (RaaS) group active since at least August 2018 known for running a private affiliate\r\nprogram where affiliates can submit applications and resumes to apply for membership.\r\nRyuk is currently at the top of RaaS rankings, with payloads delivered by its affiliates discovered in about one in three\r\nransomware attacks throughout the last year.\r\nThe gang's affiliates have hit roughly 20 companies every week during the third quarter of 2020, and, beginning with\r\nNovember 2020, they coordinated a massive wave of attacks on the US healthcare system.\r\nThe Spanish labor agency is not the high-profile Spanish ransomware victim. Everis, one of Spain's largest managed service\r\nproviders (MSP), and Cadena SER (Sociedad Española de Radiodifusión), Spain's largest radio station, also had\r\ntheir computer systems encrypted in a November 2019 ransomware attack.\r\nTelefonica, one of the largest telecommunications companies in the works, was also hit by a WannaCry ransomware attack\r\nduring the 2017 outbreak that made tens of thousands of victims worldwide.\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/" ], "report_names": [ "ryuk-ransomware-hits-700-spanish-government-labor-agency-offices" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434093, "ts_updated_at": 1775826718, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/b0b6b1e10183d8f9aa4f0081e40d754954de09e7.pdf", "text": "https://archive.orkl.eu/b0b6b1e10183d8f9aa4f0081e40d754954de09e7.txt", "img": "https://archive.orkl.eu/b0b6b1e10183d8f9aa4f0081e40d754954de09e7.jpg" } }