Ever since Saturday, a ransom of €11 million has been demanded by the hackers to restore access to a Majorca council computer network.
The council will not be making up the difference, as stated by the mayor of Calvia, whose municipality includes the party resort of Magaluf.
The frank statement from Juan Antonio Amengual was, “We cannot and do not want to pay blackmail sums to criminals.”
The attack is believed to be the work of the cybercriminal group known as “Lockbit,” which has previously breached internal networks of the Chilean judiciary and other Spanish municipalities, including Sevilla.
It took forty days to remove the malware that “Lockbit” had planted from the computers of the Sevilla council, and the group is requesting €5 million in compensation.
As per the National Cryptologic Centre of Spain, this hacking group is considered to be among the most sophisticated ones.
“One of the most professional cybercrime organizations,” according to the report, is that it actively seeks out skilled middlemen and developers through contests for writing computer programs.
Since Saturday at 2:00 am, when the Calvia hack was first discovered, the council’s IT department, an outside business, government, and Consell de Mallorca computer specialists have been attempting to contain the ransomware attack.
Residents who would have used the council website have already had their online processes and administrative deadlines suspended until January 31. Instead, they are advised to conduct all business in person at the municipal offices.
According to Juan Antonio Amengual, he was unaware of the full scope of the data theft.
He claimed that the objective was to “create a new and secure network,” but added, “We have not been able to assess the scope of the attack nor do we know what kind of information they have retained.”
In order to prevent access to the compromised network, all passwords have been changed and council computers have been turned off.
To maintain computer security, council employees have been forced to work from a distance or on laptops.
Amengual continued, “Even though we don’t know what information is compromised, we don’t want to alarm the public.”
Calvià, Majorca, was blackmailed in a ransomware attack
With 50,000 residents, Calvià is a historic town on the Spanish island of Majorca. It is one of the island’s main tourist destinations, drawing an estimated 1.6 million visitors a year.
A cyberattack that affected Calvia’s systems over the weekend prompted the council to establish a crisis committee in order to assess the damage and create plans to mitigate its effects.
“The Calvià City Council is working to restore normality as soon as possible, after having been the target, in the early hours of last Saturday, of a ransomware cyberattack, through which they intend to extort the council,” according to an announcement from Calvià.
According to Mayor Juan Antonio Amengual, forensic analysis is presently being carried out by a group of IT experts in order to determine the degree of unauthorized access and restore the compromised systems and services.
The City has extended the deadline for filing administrative requests, allegations, etc. until January 31, 2024 due to the IT outages.
Through the General State Administration portal, citizens can still submit any documents they urgently need to be registered.
Meanwhile, the municipality has reported the incident to the police’s cybercrime unit, filed the required complaints, and provided preliminary forensic analysis data.
The announcement ends with an apology for the inconvenience and a reminder that citizens can still call citizen services.
“The City Council deeply regrets the inconvenience this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, quick, and efficient manner possible,” the statement reads.
“In any case, telephone and face-to-face communication is maintained normally.”
Since none of the main ransomware groups had claimed credit for the attack at Calvià as of this writing, the perpetrators are still at large.
Nonetheless, a regional media organization has discovered that the cybercriminals have demanded €10,000,000, or roughly $11 million, as ransom.
Under no circumstances would the municipality pay the ransom, the mayor told the local press.
Small towns are among the entities of all sizes that are at serious risk from ransomware, which is an increasing concern in today’s digital environment.
Such attacks have the potential to seriously disrupt daily operations and public services by taking down essential municipal services. The consequences would be considerably worse if the attack happened during the busiest travel period.