About 6 days ago, a unique hacking episode occurred in Spain, in terms of the attacked target, since on the morning of January 9, they cyberattacked the IT structure of the SEPE, the State Public Employment Service and the former Spanish INEM. A fact that was confirmed by the Ministry of Labor and Social Economy.
Right now, if you enter the SEPE website, you get a warning notifying you that the organization is being subjected to a “security incident during which the availability of its information and communications systems has been affected. The first urgent actions carried out are they have been produced as quickly as possible and with the main objective of containing the incident, isolating and, therefore, mitigating its impact on the SEPE systems ”.
Although the Ministry did not want to go into more details, we learned more information about the attack by the CSIF, Central Sindical Independiente y de Officials, the independent Spanish union that mainly affiliates workers with the status of public employees, civil servants and labor, of the different Public Administrations of Spain.
According to the CSIF, the attack that has brought down the entire computer system of the SEPE was carried out with a virus of a ‘Ransomware’ nature, a type of virus that ‘hijacks’ the systems it infects and does not release them until the cybercriminal wants to, or until these systems are reinstalled from scratch or reset to ‘factory settings’, -losing all the information they had.
The malware paralyzed the activity of the SEPE throughout the country, both in the 710 offices that provide face-to-face service, and in the 52 telematics. The IT managers of the SEPE are “trying to identify where this virus has entered, which has affected both the computers of the workstations and the laptops of the teleworking staff, in order to restore services as soon as possible ”.
The effects still linger
Almost a week later, and although technicians and experts have been working these 6 days to fix the system, the SEPE online infrastructure is still down, and therefore does not work normally, with electronic procedures still paralyzed. Thus, although the SEPE website is open for consultations, the electronic office cannot be used for the moment, which means that ‘online’ procedures are not possible.
Thus, for example, as long as full operations are not reestablished, communication by telematic contracting companies is interrupted.