Cyber Incident Victim: Ayuntamiento de Oviedo
Date: May 2021
Location: Spain
Summary
A ransomware attack severely disrupted all IT services of the Oviedo City Council, blocking access to servers and critical data. The municipal contractor disconnected the remaining systems to contain the intrusion. The attack resembled a prior one on another Spanish institution. The incident rendered the council's website inaccessible and paralyzed operational infrastructure, forcing reliance on emergency protocols to mitigate widespread service interruptions.
Description
On or around May 8, 2021, the Ayuntamiento de Oviedo (Oviedo City Council) experienced a disruptive cyber incident that crippled its IT infrastructure. A malicious program infiltrated municipal systems, blocking access to servers and critical data. Municipal contractors managing the IT infrastructure identified the intrusion and took immediate containment measures by disconnecting remaining operational systems to halt the malware's spread. Official sources characterized the attack as ransomware, noting similarities to an incident that affected Spain’s SEPE (Public State Employment Service) two months prior. The attack rendered all IT services inoperable, severely disrupting municipal operations. Public access to digital services was immediately impacted, with the city council’s official website becoming inaccessible during the initial outage. No further technical specifics regarding the ransomware variant, initial attack vector, or data compromise were disclosed in available reports.

The incident caused widespread operational paralysis across the city council’s IT-dependent functions, though the exact duration of the disruption remained unspecified. Contractors and internal IT teams focused on isolating infected systems to prevent further propagation of the ransomware. No evidence emerged in initial reports regarding ransom demands, threat actor attribution, or data exfiltration claims. The forced disconnection of systems represented a standard containment response to limit damage, though it exacerbated service interruptions. Public-facing digital platforms, including the primary municipal website, remained offline at the time of initial media reporting, indicating persistent remediation efforts. The reference to the SEPE attack suggested potential parallels in tactical approach or payload delivery, though no forensic confirmation was provided. Restoration timelines and data recovery methods were not detailed in immediate disclosures.
