The website of SEPE, the public employment system, is down this Tuesday as a result of a cyberattack that SEPE’s computer systems have received. Sources from the Ministry of Labor indicate that at the moment the origin is unknown and work is being done to raise the service.
At the moment, the 060 phone has been enabled for inquiries about this cyberattack. A team of technicians and experts from the Ministry are working to return to normal activity as soon as possible. “From the Ministry of Labor and Social Economy we deeply regret the inconvenience caused to SEPE users due to this cyber attack,” they point out from the Ministry.
As this media has learned, on Tuesday morning SEPE workers have found malicious files in shared file folders that prevented access to some of the main programs used by the staff as well as the employee signing service. After that, the computers were ordered to be shut down in order to limit the expansion of the breach and while waiting to know the scope of the attack. The SEPE telephones have also been left without service. Different officials with whom elDiario.es has contacted have shown concern about the relevance of the data that the SEPE has on its servers, related to the situation of the unemployed, their benefits or previous appointments.
Although the origin of this cyber attack is unknown from Labor, SEPE employees have found that the aforementioned suspicious files had the name ‘Ryuk’. If confirmed, it would be a virus of the type ransomware, which are characterized by encrypting the victim’s files, preventing access to them. In exchange for the key to free them, the attackers often demand a ransom. Ryuk has been used in cyberattacks against other Spanish public infrastructures, like the one that knocked down the Torrejón Hospital systems and various campaigns against Critical Operators and Essential Services.
As elDiario.es has learned, SEPE workers have received instructions to turn off all devices. This is a common measure in this type of ramsomware attack, which passes from computer to computer in company and institutional systems like a “worm”, encrypting the files stored in it. The way to enter them varies, although email is one of the most common: cybercriminals simulate a traditional query and add a downloadable file or a malicious link as a hook. If the worker falls into the trap, the entire organization can be compromised.