
Cyber Incident Victim: City of Jerez de la Frontera

Date: Oct 2019

Location: Spain

Summary

A hacker compromised the computer system of the City of Jerez de la Frontera, demanding a bitcoin ransom to restore access and causing service outages on the municipal website. The southern Spanish city, home to approximately 212,000 residents, received assistance from national computer experts dispatched by Spain's interior ministry to resolve the attack. The municipality's mayor emphasized that services would only resume once full security was assured, though the specific ransom amount remained undisclosed. The incident highlights common criminal tactics leveraging cryptocurrency anonymity, despite broader advisories against paying ransoms due to potential long-term risks.


Description

On the night of Tuesday, October 1, 2019, a cyber attacker compromised the computer systems of Jerez de la Frontera, a southern Spanish city with approximately 212,000 residents. The intrusion caused widespread outages affecting municipal online services accessible through the city's website, disrupting public operations. By Friday, October 4, city officials confirmed the attacker had seized control of the system and issued a ransom demand payable exclusively in bitcoin cryptocurrency to restore access. Municipal authorities did not disclose the specific ransom amount but emphasized the hacker’s insistence on bitcoin due to its perceived anonymity advantages for criminal transactions. The attack persisted for multiple days, with services remaining offline as technicians worked to contain the breach.

In response to the crisis, Spain’s Interior Ministry deployed three cybersecurity experts to assist local authorities in resolving the incident. Mayor Mamen Sánchez, leading the Socialist administration, publicly committed to restoring the municipal website only after achieving full security assurances, stating it would return when "100 percent secure." While the city’s statement acknowledged the severity of the attack on its sherry-producing community, it provided no details about whether ransom negotiations occurred or any funds were paid. The incident reflected broader patterns of ransomware attacks where criminals exploit cryptocurrencies’ anonymity, despite law enforcement agencies and security professionals routinely advising against capitulating to such demands due to ethical and practical risks. Many organizations nevertheless consider payment when facing costly system reconstruction scenarios.
