lockbit2 attacks liceu.barcelona

Incident Date:

April 2, 2022

World map

Overview

Title

lockbit2 attacks liceu.barcelona

Victim

liceu.barcelona

Attacker

Lockbit2

Location

La Rambla, Spain

Barcelona, Spain

First Reported

April 2, 2022

Ransomware Attack on Gran Teatre del Liceu in Barcelona

Victim Profile

The Gran Teatre del Liceu, a cornerstone of cultural heritage in Barcelona, is celebrated for its distinguished opera and ballet performances. As a pivotal entity within the Hospitality sector, it extends services encompassing food, accommodation, and entertainment. Although the exact size of the institution is not specified, its prominence as a key cultural venue in Barcelona is well acknowledged.

Vulnerabilities and Attack Techniques

The cyber assault on the Gran Teatre del Liceu was executed via a remote access attack, revealing that the perpetrators managed to infiltrate the institution's network from beyond Spain's borders. This breach implies a lack of adequate network segmentation and segregation, enabling the attackers to navigate laterally across the institution's network. While the attack employed novel techniques, specific details remain undisclosed. Notably, the institution's data backups remained intact, indicating that the attackers did not gain full control over the systems.

Response and Recovery

In the aftermath of the attack, the Gran Teatre del Liceu has yet to announce whether it will comply with the ransom demands. Efforts to rehabilitate its systems are underway, with a contingency plan activated to maintain operational continuity for several days. The Cybersecurity Agency of the regional Catalonia government is providing support during the recovery phase.

The ransomware incident at the Gran Teatre del Liceu underscores the susceptibility of the Hospitality sector to cyber threats. Despite the operational disruptions, the institution's refusal to yield to the ransom demands underscores the criticality of implementing stringent cybersecurity protocols.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.