The SEPE suffers a cyberattack that has rendered its computer systems useless and has made the web to manage ERTE and unemployment not work

The website of the State Public Employment Service (SEPE) is down due to a cyber attack directed at its computer systems, as confirmed by sources from the Ministry of Labor to Xataka. According to, sources from the Ministry point out that the origin of the attack is unknown, and they claim to be working so that everything returns to normal.

In the SEPE Twitter profile, the ministry has announced that the agency's website and electronic headquarters They are not available for reasons beyond the control of the institution, without confirming that it is a cyber attack. In the aforementioned media they speak that SEPE workers have found malware files in their shared folders, which did not allow access to their work programs or the signing program.

Ryuk ransomware, the most likely culprit


According to, some employees, before they received the order to shut down their computers, identified files that correspond to those of the Ryuk ransomware, which used to encrypt victims' files and then ask for rewards in exchange for returning the files. The fall supposes the impossibility of operating 710 face-to-face offices and 52 telematics.

As we already mentioned, the computers most vulnerable to this type of attack are those that use old versions of Windows, but it has not been revealed which operating system is used in the SEPE.

Of course, as we read in RTVE, "the equipment would not be updated or prepared for a failure in cybersecurity according to current technology." They also state that the CSIF union demands investment in technology, as there are applications and systems that have more than 30 years on average.

With Ryuk, in the year 2019, the attackers have already managed to tear down the infrastructure of Alabama's health system, falling three hospitals. The solution was to pay the ransom, given the impossibility of recovering the files, encrypted using That causes the encryption of files using RSA-2048 and AES-256 with keys that are stored in the executable. In Spain, the Torrejón de Ardoz hospital was the first to suffer a ransomware attack.

That same attack was the one suffered by Cadena Ser in November 2019, and has the peculiarity that leaves the machines partially operational compared to other cases where all control of the system is lost.