Cyber Incident Victim: Ayuntamiento de San Bartolomé de Tirajana
Date: Mar 2022
Location: Spain
Summary
A ransomware attack targeted the Ayuntamiento de San Bartolomé de Tirajana, encrypting approximately 265,000 files (18% of total server data) and compromising multiple municipal servers. The intrusion was detected when employees could not access files, prompting IT technicians to isolate affected systems and halt further encryption by disabling compromised servers. While the attack's origin was traced to an IP address in Bosnia-Herzegovina, the initial entry point remained unidentified. Uninfected servers were cleaned, updated, and restored for critical operations, while infected systems remained offline. The municipality collaborated with National Police cybercrime units and a cybersecurity firm to investigate the breach, eradicate the ransomware, and monitor systems for residual threats.
Description
In the early morning of March 11, 2022, the Ayuntamiento de San Bartolomé de Tirajana suffered a ransomware attack on its municipal servers. Employees discovered the incident at approximately 7:30 AM when they could not open certain files and immediately notified the technicians of the New Technologies department. Initial analysis confirmed that several servers had been compromised and infected, so the technicians powered down every server showing indicators of compromise to contain the ongoing encryption. Investigators moved quickly but could not pinpoint the initial entry point; they did establish how the ransomware operated and traced a suspicious IP address allegedly located in Bosnia-Herzegovina. Authorities blocked that IP address, which the reports credit with halting further ransomware execution. Forensic examination later showed that the threat actors had encrypted 265,000 files, approximately 18% of the data stored on the municipality's servers.

The attack caused sustained operational disruptions, with infected servers remaining offline while unaffected systems underwent cleaning, updating, and restoration for essential departmental functions. Municipal IT teams maintained continuous server monitoring while collaborating with Spain's National Police Cybercrime Unit in Las Palmas to investigate the intrusion. Concurrently, the Ayuntamiento engaged a cybersecurity firm to identify the attack's initial entry vector and ensure complete malware eradication from compromised infrastructure. No data exfiltration or additional attacker objectives beyond file encryption were disclosed in available reports. Recovery efforts focused on forensic analysis and infrastructure hardening, with no public confirmation regarding data recovery outcomes or ransom payment demands.
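The incident was only noticed once employees could no longer open files, several hours into the encryption run. An added example, not part of this page or of the municipality's tooling, of the kind of check a file-server audit trail could have raised earlier: it parses a hypothetical audit-line format ("<ISO timestamp> <host> <action> <path>[ -> <new path>]"), and flags any host that renames many files by appending a new suffix within a short window, the pattern a bulk encryptor leaves behind. The log lines, the host names, the `.locked` suffix and the thresholds are all constructed for the example.

```python
"""Flag a host renaming files in bulk the way a ransomware encryptor does.

Added example. The audit-line format, hosts, paths, suffix and thresholds
below are assumptions made for illustration, not data from the incident.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed benign activity from an ordinary workstation (not real log data).
BENIGN_LINES = [
    "2022-03-11T06:40:12 PC-007 WRITE /share/registro/acta_2022-03-10.docx",
    "2022-03-11T06:41:03 PC-007 RENAME /share/registro/borrador.docx -> /share/registro/acta_2022-03-11.docx",
    "2022-03-11T06:45:50 PC-007 WRITE /share/registro/acta_2022-03-11.docx",
]


def constructed_burst(host="PC-014", start="2022-03-11T07:02:00", count=40, step_s=2):
    """Generate a constructed burst: one host bolting a new suffix onto many files."""
    t0 = datetime.fromisoformat(start)
    lines = []
    for i in range(count):
        ts = (t0 + timedelta(seconds=i * step_s)).isoformat()
        path = f"/share/urbanismo/expediente_{i:04d}.pdf"
        lines.append(f"{ts} {host} RENAME {path} -> {path}.locked")
    return lines


def parse_line(line):
    """Split one audit line into its fields; dst is None unless the action was a rename."""
    ts, host, action, rest = line.split(" ", 3)
    src, _, dst = rest.partition(" -> ")
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "action": action, "src": src, "dst": dst or None}


def is_suffix_append(ev):
    """Rename that keeps the original name and adds an extension: the encryptor pattern.

    A normal rename (borrador.docx -> acta.docx) changes the name, so it does not match.
    """
    return (ev["action"] == "RENAME" and ev["dst"] is not None
            and ev["dst"].startswith(ev["src"] + "."))


def find_encryption_bursts(lines, window=timedelta(minutes=5), threshold=25):
    """Return {host: (window_start, count)} for hosts whose suffix-append renames
    inside any sliding window of length `window` reach `threshold`.

    `count` is the largest number seen in one window for that host, and
    `window_start` is the timestamp at which the threshold was first crossed.
    """
    recent = defaultdict(deque)   # per host: timestamps of recent suffix-append renames
    alerts = {}
    for ev in sorted((parse_line(l) for l in lines), key=lambda e: e["ts"]):
        if not is_suffix_append(ev):
            continue
        q = recent[ev["host"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            first, best = alerts.get(ev["host"], (q[0], 0))
            alerts[ev["host"]] = (first, max(best, len(q)))
    return alerts


if __name__ == "__main__":
    for host, (start, n) in find_encryption_bursts(BENIGN_LINES + constructed_burst()).items():
        print(f"ALERT {host}: {n} suffix-append renames from {start.isoformat()}; isolate host")
```

The threshold and window are the knobs to tune against a real server's baseline: a document-management migration can legitimately rename hundreds of files, so the alert is a trigger for isolating the source host and checking it, not proof of infection on its own.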
