Everything we know about the attack and how it affects benefit recipients



Shortly, the Minister of Labor, Yolanda Díaz, will also assume one of the vice presidencies of the Government of Spain. But it is now impossible to rule out that, when this happens, she will do so with a 'hot potato' still on the table: the prolonged outage of the computer system of the State Public Employment Service (SEPE).



The events of recent days have shown that the agency lacks the means to resolve a crash in its computer system, having so far been unable to decrypt the hard drives of its computers, which were affected by the Ryuk ransomware.



According to various media, internal sources at the agency say that, as of today, they see it as impossible to catch up in time for the next payroll payment, which closes on March 31st.



Quantifying the damage



It is difficult, in any case, to grasp the size of the disaster, because these same sources say that the agency does not even have an approximate count of the number of files that have been affected.












The number of beneficiaries recognized as receiving contributory and welfare benefits stood in January (the last month for which we have official figures from the SEPE) at 2.74 million, to which must be added the nearly 900,000 workers who remain on ERTE and receive 70% of their regulatory base through the agency.



The Ministry of Labor says that those who had already registered their benefit before March 9 should not suffer delays in its payment.



Likewise, as we indicated a few days ago, the deadlines for applying for benefits are officially extended by as many days as the applications are out of service, and it will not be necessary to renew the job application as long as the current situation persists.



A very strange aspect of this particular cyberattack is that, unlike other infections with this kind of ransomware at other public or business entities, this time the attackers do not appear to have requested a ransom. This, at least, is what the director of the agency, Gerardo Gutiérrez, stated on Cadena Ser shortly after the system went down.








Technical botches



But various details are coming to light about how prepared those in charge of the agency were (or were not) to deal with events like this. It has emerged that SEPE was not yet on the list of administrations certified by the National Cryptological Center (a body under the CNI that is responsible for implementing the National Security Scheme).



The SEPE technicians were able to recover the agency's website ... but an analysis of its source code showed that it had been retrieved from the Wayback Machine of Archive.org, a non-profit organization that keeps 'snapshots' of millions of WWW sites ... a fact that implied that the technicians did not have access to their web backups (assuming these exist).




Precarious human and technical resources



This very week, trade unions and professional computing associations came forward to denounce the lack of resources and the job insecurity of the public administration's systems technicians, and how this situation has prevented it from being prepared to face this cyberattack.



In fact, it was the complaints of SEPE employees, aired in the press in recent months, that led the SEPE to allocate ten million euros a month ago to repair its equipment ... which currently has an average age of 35 years, as reported by Vozpópuli.












In addition, in the summer of 2020, the Government launched a tender for a contract "to monitor and analyze the computer applications of the SEPE." The ministry thus recognized that the SEPE lacked the human and material resources to carry out this monitoring task itself, so it was finally outsourced to GFI Informática (owned by the Qatari group Manai International) for € 312,007, a figure 35% less than budgeted (PDF).



The villain



Before paralyzing the 710 face-to-face and 52 telematic offices of the SEPE, Ryuk ransomware had been wreaking havoc among public agencies and large companies around the world for years. Attacks usually start with a malicious email sent to some of the computers of the targeted entity ...



... but once inside the internal network it can reach powered-off computers through WoL (Wake on LAN) commands and infect them once they are turned on, which explains why during the first two days SEPE employees were forced to work with pencil and paper.