Ayuntamiento de San Lorenzo de El Escorial Ransomware Attack
Incident Date: May 31, 2024
Overview
Title: Ayuntamiento de San Lorenzo de El Escorial Ransomware Attack
Victim: Ayuntamiento de San Lorenzo de El Escorial
Attacker: Lockbit3
Location:
First Reported: May 31, 2024
Ransomware Attack on Ayuntamiento de San Lorenzo de El Escorial
Victim Overview
The Ayuntamiento de San Lorenzo de El Escorial is the local government of San Lorenzo de El Escorial, Spain, and operates within the Government sector. Employing between 2,001 and 5,000 people, the organization is known for its dedication to preserving the town's rich history and cultural heritage. It also actively promotes modernity and community engagement through various events and initiatives.
Attack Overview
On May 31, 2024, the Ayuntamiento de San Lorenzo de El Escorial fell victim to a ransomware attack executed by the LockBit ransomware group. The attack led to the theft of approximately 450 GB of data and severely impacted the municipality's operations. While the specific data compromised has not been fully disclosed, the breach significantly disrupted the town's administrative functions.
Ransomware Group Profile
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that represents an advanced evolution of the original LockBit group. Renowned for its sophisticated capabilities, LockBit 3.0 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware's heavy obfuscation makes it particularly challenging for security researchers to analyze.
Company Vulnerabilities
The prominence of the Ayuntamiento de San Lorenzo de El Escorial in the Government sector, coupled with its medium-sized organizational structure, likely made it an appealing target for threat actors like the LockBit 3.0 ransomware group. The municipality's crucial role in providing municipal services and organizing community events increased its vulnerability to cyberattacks aimed at disrupting operations and compromising sensitive data.