Cyber Incident Victim: Ayuntamiento de Villajoyosa
Date: Jul 2025
Location: Spain
Summary
The Ajuntament de la Vila Joiosa suffered a ransomware attack, identified after anomalous activity was detected in its computer systems, that left basic services disabled. Authorities are collaborating with the Cybersecurity Operations Center to rebuild the infrastructure and restore normal operations, and parallel manual procedures have been activated to maintain municipal functions. The municipal councillor for Information Technology emphasized that all work will continue manually until the systems are deemed secure again.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Anomalous activity was detected in the municipal computer systems of the Ayuntamiento de Villajoyosa. The following day, authorities confirmed that the activity corresponded to a ransomware attack, which left basic municipal services inoperable. Pedro Ramis, the municipal councillor for Information Technology, stated that municipal activity would continue manually until the systems could be used safely again, and emphasized that manual work would be put in place to avoid stopping municipal operations. The Ayuntamiento reported that it was working to rebuild the systems and recover activity.

In response, the Ayuntamiento began collaborating with the Centro de Operación de Ciberseguridad (COCS), which operates under the Centro Criptográfico Nacional. The joint effort aims to assess the impact of the attack, analyze its causes, and define the ordered steps needed to restore normal operations. While the systems are being rebuilt, the municipality has enabled parallel manual services to maintain essential functions and prevent the interruption of public activity during the technical recovery. The coordinated work between the municipal IT department and the cybersecurity centre is ongoing, with the goal of returning to normal operation as soon as the systems are deemed secure.
