Cyber Incident Victim: Ayuntamiento de Sant Antoni de Portmany
Date: Jan 2024
Location: Spain
Summary
The Ayuntamiento de Sant Antoni de Portmany experienced a LockBit 3.0 ransomware attack that encrypted municipal systems, prompting an immediate crisis response. A coordinated effort involved forensic analysis, mass credential resets, revocation of electronic certificates, implementation of multi-factor authentication, system updates, enhanced network filtering, and 24/7 monitoring. Recovery prioritized cloud-based services: 90% of workstations were restored and internal networks and SARA administrative systems were reconnected, with most public services expected to resume shortly. Security measures were strengthened throughout the restoration process while forensic investigations continued.
Description
On January 31, 2024, municipal information systems of the Ayuntamiento de Sant Antoni de Portmany suffered a cyberattack identified as LockBit 3.0 ransomware, which encrypted municipal files. The attack was detected on the same day, prompting immediate activation of a Crisis Committee to coordinate response efforts across technical and administrative teams. The committee prioritized restoring services with enhanced security protocols while conducting a forensic analysis to determine the full scope of the compromise. Initial technical measures included a comprehensive review of all municipal workstations, mass credential resets for internal and external accounts, and revocation of electronic certificates to prevent identity spoofing. The municipality implemented mandatory multi-factor authentication for all service access points, updated affected systems, and enforced stricter internet browsing filters alongside a 24x7 monitoring service with advanced threat prevention capabilities.

Recovery operations shifted to cloud-based infrastructure to accelerate service restoration with improved security safeguards. As of the latest update, 90% of municipal workstations had been inspected and returned to employee use, with inter-office network connections and access to the SARA (Sistemas de Aplicaciones y Redes para las Administraciones) network fully reinstated. The municipality anticipates restoring most citizen-facing services within one week of the incident report date but continues to refine its response pending completion of the forensic investigation. The municipality did not disclose any data exfiltration or any operational timelines beyond service restoration. Its administrative communications emphasized procedural transparency, with incremental updates to continue until full system recovery and the forensic analysis conclude.
