Ransomware Attack on Ayuntamiento de San Lorenzo de El Escorial

Victim Overview

The Ayuntamiento de San Lorenzo de El Escorial, a local government entity in San Lorenzo de El Escorial, Spain, operates within the Government sector. Employing between 2,001-5,000 people, the organization is known for its dedication to preserving the town's rich history and cultural heritage. It also actively promotes modernity and community engagement through various events and initiatives.

Attack Overview

On May 31, 2024, the Ayuntamiento de San Lorenzo de El Escorial fell victim to a ransomware attack executed by the LockBit ransomware group. This attack led to the theft of approximately 450GB of data, severely impacting the municipality's operations. While the specific data compromised has not been fully disclosed, the breach significantly disrupted the town's administrative functions.

Ransomware Group Profile

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that represents an advanced evolution of the original LockBit group. Renowned for its sophisticated capabilities, LockBit 3.0 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware's heavy obfuscation makes it particularly challenging for security researchers to analyze.

Company Vulnerabilities

The prominence of the Ayuntamiento de San Lorenzo de El Escorial in the Government sector, coupled with its medium-sized organizational structure, likely made it an appealing target for threat actors like the LockBit 3.0 ransomware group. The municipality's crucial role in providing municipal services and organizing community events increased its vulnerability to cyberattacks aimed at disrupting operations and compromising sensitive data.

Sources:

• Ayuntamiento de San Lorenzo de El Escorial Website
• VMware Blog - LockBit 3.0
• SentinelOne - LockBit 3.0