Cyber Incident Victim: City of Barcelona
Date: Mar 2021
Location: Spain
Summary
The Metropolitan Area of Barcelona experienced a ransomware attack that disrupted its operations, leading to the suspension of digital services including electronic processing and website updates. The administrative body publicly acknowledged the incident, noting similarities to a previous ransomware attack on Spain’s SEPE agency, though clarifying it was not the same variant. While the SEPE incident had been linked to Ryuk ransomware, the specific malware used against Barcelona’s systems remained unidentified in available reports. Service interruptions impacted the organization’s ability to maintain online functions, though no further technical details or claims of data exfiltration were disclosed.
Description
On March 16, 2021, the Metropolitan Area of Barcelona (AMB) publicly announced via Twitter that it had suspended all digital services following a disruptive computer attack. The administrative body, which coordinates services across Barcelona and surrounding municipalities, cited "external reasons" for the system-wide outage, explicitly noting the unavailability of electronic processing, digital services, and website updates. Initial reports characterized the incident as a suspected ransomware attack, drawing immediate comparisons to a contemporaneous ransomware incident affecting Spain’s State Public Employment Service (SEPE). While the SEPE attack had been attributed to Ryuk ransomware, sources clarified that the AMB incident involved similar ransomware tactics but was not confirmed to be the same variant or threat actor group. The AMB did not disclose initial intrusion vectors, malware specifics, or whether data exfiltration occurred alongside system encryption.

The operational impact centered on the abrupt suspension of all digital platforms, disrupting municipal services reliant on electronic processing and real-time information updates. No recovery timeline or detailed containment measures were publicly provided by AMB officials at the time of initial reporting. The organization’s Twitter announcement served as the primary communication channel to inform citizens of the service interruptions, though technical specifics regarding affected infrastructure (e.g., servers, workstations, or cloud systems) remained undisclosed. Cybersecurity analysts monitoring the incident highlighted its resemblance to ransomware campaigns targeting public sector entities but emphasized the lack of conclusive evidence linking it to known ransomware groups or tactics beyond the broad similarity to the SEPE attack. Service restoration efforts and forensic investigations were underway as of the report date, with no further public updates confirming the attack’s resolution or root cause.
