LockBit is behind the ransomware incident and they claim more than 5 million euros as a ransom.
Earlier this week the City Council of Seville, capital of the community of Andalusia, was affected by a cyberattack on its computer systems.
The delegate of Finance, Citizen Participation and Digital Transformation, Juan Bueno, was the first authority to confirm what happened, and explained that “the technical managers of the City Council together with specialized external personnel are working continuously and jointly to determine the origin and scope of the attack and to be able to establish normality as soon as possible. ”
“All services have been interrupted as a precautionary measure until the specific scope of the cyberattack is known,” said the spokesman, who also noted at the time that they were working together with the CCN-CERT (National Cryptological Center) during the incident.
The mayor of Seville, José Luis Sanz, also appeared before the media to comment on the incident, ensuring that the attackers had not stolen data and emphasizing that the priority of the local council was “to recover the system as soon as possible” and “with the greatest possible guarantees”.
The authority said that, “pending the final report, what seems, in principle, is that they have not stolen data,” although “they have managed to encrypt” some to prevent them from being used by the nearly 5,<> workers of the City Council. “The luck we have had is that the blocked data was from an old server that was backed up to a new one,” the mayor said.
“It is not our hurry to recover the system as soon as possible. The hurry is to know what has happened so that it does not happen again, “said the first local authority.
The authority also recognized the inconvenience that the incident was generating among the residents of the city.
The mayor also referred to the ransom requested by the LockBit gang, who are behind the incident, categorically noting that “we have not spent a second on the issue of the rescue”, which was 5 million euros.
Representatives of the city filed a complaint last Thursday with the National Police as a result of what happened, this despite not having yet finalized the final report on the incident that keeps most of the computer systems of the city council out of service.
In any case, patient zero of the incident has already been identified. These are three computers of the same user, belonging to an official of the Local Police, from whom the cyberattackers stole the keys to access the device.
The city said that, to date, about 4,800 computers and about <> servers had been reviewed.