This has been confirmed by the Ministry of Labor and Social Economy itself on its Twitter account, where it stated that the Ministry's technical managers and the National Cryptological Center are already working together to determine the origin of the attack, resolve it, and restore service as soon as possible.
⚠️ The Ministry of Labor and Social Economy has been affected by a computer attack. The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible.
– Ministry of Labor and Social Economy (@empleogob) June 9, 2021
At the moment we do not know what type of attack the Ministry of Labor has suffered, but most likely it is ransomware. The entry vector of these attacks is usually computers that are not updated and that use operating systems such as Windows XP or Windows 7, which are exposed to all kinds of vulnerabilities. Windows 10 has a protection mechanism against ransomware, which is one of the most important reasons to use it.
Ransomware, increasingly dangerous
Ransomware is currently contracted in most cases as "ransomware as a service", with a monthly subscription under which hackers update their malware to take advantage of the latest vulnerabilities and infect as many devices as possible.
In the Spanish administration, sadly known for its slow technological advance, Windows 7 computers are still used today. This makes them a perfect entry vector for attacks, where just by clicking on a link it is possible to infect a vulnerable computer. These links or attachments are often sent through phishing emails, and are often targeted at people who are known to work in sensitive organizations.
The ransomware that infected SEPE was Ryuk, which first appeared in 2018 and is believed to have origins in Russia. This ransomware infects and takes control not only of one computer, but of any other computer connected to the same local network. It then encrypts all the stored data, such as databases, so that it is no longer accessible. Finally, it generates a text file or an image with a message requesting a ransom in bitcoin, with the specific address to which it must be sent, the amount, and the instructions for paying it.
We will have to wait to see what type of malware is involved in this case, and how long it will take for the ministry to recover from this attack.