The hackers who attacked the Seville city council systems last Tuesday, and who left the server completely blocked, "have not stolen data" from the citizens of the capital of Seville. This has been confirmed by the mayor of the city, the popular José Luis Sanz, who has lamented the inconvenience that this situation is causing to the residents, as well as to the officials of the consistory. "It is a disaster, nonsense" but "our priority is not to recover the system as soon as possible" but to do it "with the greatest possible guarantees".
This is the third day that the City Council website and municipal services (such as communication with the fire brigade or the Local Police) and telematics are out of service, three days where a group of experts tries to counteract the damage caused by one of the most active cybercrime networks in Europe, the Dutch LockBit. Since then, the National Cryptological Center (CNN-CERT) has been working on this issue in collaboration with the National Police as well as the National Intelligence Center, from where a resolution to this hack is being sought. The Provincial Council of Seville and the Junta de Andalucía, for their part, have also offered their help.
At the moment, as Sanz has pointed out, the final report from the experts is awaiting to find out the extent of the damage caused by this cyberattack, a text that will be the basis of the complaint filed by the council for these events and that will lead to the study of possible solutions.
The mayor of the city insisted that the ransom payment, which amounts to 1.5 million euros, has not occupied them "not even a second." “There will be no negotiations with criminals”, warned municipal sources from the first moment in which this hijacking of services became known and, to this day, they remain in the same position.
What really worries the government team, according to the explanations given by the experts on the modus operandi of these members of cybercrime, is that this first blockade is a "trap attack" so that "two or three days later, when you you have trusted, carry out a massive attack in which they already steal all the data" commented the popular, for which he has insisted that the "priority" is not so much to activate the system quickly but to do it "with guarantees". "You have to see what happened" and, as a result, "introduce all the necessary firewalls before restarting the system." They have not stolen the data but "they have encrypted it", he explained, although "the luck we have is that the blocked data was from an old server that was backed up in a new one" located in the premises of the Local Police of Frog.
Although it seems that the matter could be 'less serious' than previously thought, the truth is that it is generating significant discomfort among Sevillians with urgent procedures to carry out in the different municipal departments, such as the payment of taxes such as IBI.
Cybersecurity experts point out that these computer crimes must be tackled with more investment by companies and administrations, although hackers systematically look for how to overcome these barriers to commit their crimes, a widespread problem that feeds on “a highly lucrative and sophisticated” that not only steals data but sells it “on dark markets,” as Universae's CISCO (cybersecurity director) has stated for this newspaper.
These kidnappings have a double lucrative purpose, on the one hand, that the affected entity gives in to “blackmail”, as the mayor of Seville has described it, and ends up paying this ransom and, on the other hand, they sell the information to third parties.
The Ransomware attack launched on this occasion against the Seville City Council is not the first that the local administration has suffered in recent times. Already in 2021 he was the victim of another type of cybercrime, 'Man in the Middle', for which the municipal coffers lost a million euros in the payment of an invoice for Christmas lights to the company that won the contest of that year, money that never reached the company that offered this service after a group impersonated their identity and reported a change in bank account where the municipal Treasury made the deposit.
This same Thursday, for its part, the National Police has warned of the existence of a new malware distribution campaign in which the identity of this State Security Corps is impersonated through a wave of sending emails, summoning the user to appear before the Complaints Office on alleged “charges of aggravated robbery.” By clicking on the Electronic Summons APP or www.policia.es link that appears in the email, you are directed to a web page downloading a compressed “.zip” file that contains malicious software that infects the victim's computer. Thus, the Police have advised not to open links or download files of dubious origin, to always have the operating system and antivirus updated, as well as to make independent backup copies periodically to avoid being victims of this fraud.
