Ryuk ransomware is back to its old ways




The Ministry of Labor has communicated through its Twitter account that its computer system "has been affected by an attack"In addition, as they usually do in these cases, they have reported that the technicians of the Ministry and the National Cryptological Center (CCN) are working to restore normality. The ministry's web services are functioning normally at the time of publishing this article..



According to Europa Press, the attack was carried out with ransomware. The Confidential goes a little deeper and collects that ministry employees have confirmed that it is an attack carried out with the Ryuk ransonware, an old (not so old) acquaintance of the Ministry. It should be remembered that Ryuk already managed to knock down the web and the SEPE (State Public Employment Service) systems for many days, being affected many usual procedures.






What is ransomware, how it infects and how to protect yourself




Spain, in the crosshairs of cyberattacks




Screenshot 2021 06 09 At 13 08 55




According to the aforementioned medium, all ministry officials and employees have been asked to disconnect from the network, forcing some to go home or work from secure networks. Although at first the scope seemed limited, El Confidencial mentions that according to ministry sources, the cyber attack has been classified as critical and the scope is important in terms of equipment and systems affected. The affected party this time is not the SEPE, but internal systems teams.



The fact only confirms that Spain is in the crosshairs of large hacking and ransomware groups, because in addition to the attack and the SEPE, there have been major cyberattacks against the Ministry of Defense, infected for months, and the Ministry of Justice, with LEXnet as the main victim.




Already in 2019, the Government spoke of three critical daily cyber attacks




On those occasions, the theses of the CCN and other organizations pointed to foreign powers. The Government spoke in 2019 of three critical or very dangerous daily cyberattacks against the public sector and strategic companies, and the situation appears to have worsened since then.







This is Ryuk, the ransomware that has knocked out SEPE (and that knocked out many others before)






Ryuk was also used to attack the Torrejón de Ardoz hospital and Cadena Ser, and has the peculiarity that it leaves the machines partially operational compared to other cases where all control of the system is lost.