Menu
Browse

Cyber Incident Victim: Metropolitan Area of Barcelona

Date:

Mar 2021

Location:

Spain

Summary

The Metropolitan Area of Barcelona experienced a ransomware incident that led to the suspension of its digital services, disrupting electronic processing, other online functions, and website updates. The attack is described as similar to, but not the same as, the ransomware that affected SEPE, which had been associated with the Ryuk variant. As a result, the organization halted affected systems while investigating the breach.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On March 16, 2021, the Metropolitan Area of Barcelona (AMB) reported that its digital services were suspended after a computer attack suspected to be ransomware. The announcement was made via Twitter, stating that for external reasons the AMB systems had been affected and that electronic processing, other digital services, and website updates were not available. The body indicated that the incident resembled a recent ransomware attack on the Spanish Public Employment Service (SEPE). The article notes that while the AMB attack was thought to be similar to the SEPE incident, it was not identified as the same ransomware strain. The SEPE attack had previously been associated with Ryuk ransomware in public reporting.

Cyber Incident Image

As a result of the attack, AMB halted all online services, preventing citizens from accessing electronic administrative functions and updating the organization's website. The disruption affected both internal electronic processing and public-facing digital services. The suspension was communicated via Twitter, indicating that services were unavailable. No additional technical details about the ransomware variant, infection vector, or internal response measures were disclosed in the source material. The AMB's public communication emphasized the impact on service availability without attributing the attack to a specific threat actor.

Sources
Sources available to members
1 source