Cyber Incident Victim: Metropolitan Area of Barcelona
Date:
Mar 2021
Location:
Spain
Summary
The Metropolitan Area of Barcelona suspended its digital services after a ransomware attack affected its systems. Electronic processing, other digital services and website updates were unavailable as a result. Officials said the incident resembled but was not identical to the ransomware that hit Spain's public employment service, which was linked to Ryuk.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 16 2021, the Metropolitan Area of Barcelona (AMB) announced the suspension of its digital services after suffering a computer attack. The attack was suspected to be ransomware similar to the recent incident affecting the Spanish Public Employment Service (SEPE). The announcement was made via the organization's Twitter account. The report was authored by Juan Ranchal and published on Databreaches.net. The article noted that the AMB described the impact as stemming from external reasons affecting its systems.

As a result of the attack, electronic processing, other digital services, and the ability to update the AMB website were made unavailable. The suspension disrupted administrative functions and public access to online services provided by the metropolitan authority. AMB clarified that the ransomware involved was not the same variant that had compromised SEPE. However, the authority indicated that the malware exhibited similarities to the SEPE ransomware. The SEPE incident had previously been associated with Ryuk ransomware according to contemporaneous reporting. No further technical details about the attack vector, ransom demand, or attacker identity were disclosed in the source material. The announcement did not include a timeline for restoration of the affected digital services.
