Ransomware Group Strikes: A Major Bank in Spain

June 6th, 2023 - Written By CyberLabs

Globalcaja, one of the leading banks in Spain, recently fell victim to a ransomware attack orchestrated by the Play ransomware group. With over 300 offices spread across Spain, Globalcaja caters to the banking needs of more than half a million clients. The repercussions of the attack have impacted the bank’s operations, raising concerns over the safety of private and personal confidential data.

The Play ransomware group, notorious for its cybercriminal activities since July 2022, proudly added Globalcaja to its ever-growing list of victims displayed on its Tor leak site. Claiming to have successfully infiltrated the bank’s systems, the group holds sensitive information hostage. They have threatened to publish stolen data, including client and employee documents, passports, contracts, and more, on June 11, 2023, if Globalcaja fails to meet their ransom demands.

In response to the incident, Globalcaja issued a press release acknowledging the attack. However, they attempted to downplay its impact by emphasizing that it did not affect the transactional processes of the bank or its clients. Despite their reassurances, certain operations have been temporarily limited as part of the incident response procedure. Globalcaja assures the public that electronic banking and ATMs are functioning normally, but some office posts have been disabled to ensure security.

COMUNICADO OFICIAL

En el día de ayer, registramos un
ciberincidente, consistente en un ataque informático a algunos equipos locales a través de un virus tipo #ransomware.

El mismo no ha afectado al transaccional de la entidad (ni las cuentas ni los acuerdos de los clientes se… pic.twitter.com/LeQdNN8r1i

— Globalcaja (@SomosGlobalcaja) June 2, 2023

Globalcaja is taking the attack seriously and has initiated an investigation into the breach. They promptly notified local authorities about the incident, demonstrating their commitment to resolving the issue. At present, Globalcaja has not disclosed any data breach, but the investigation is ongoing to determine the full extent of the attack.

The Play ransomware group has been operating for almost a year, leaving a trail of victims in its wake. Prior attacks targeted prominent organizations, including the City of Oakland and the Cloud services provider Rackspace. Their involvement in the ransomware attack on Globalcaja reinforces the need for robust cybersecurity measures in the face of evolving cyber threats.

Globalcaja’s encounter with the Play ransomware group highlights the vulnerability of even major financial institutions to cyber attacks. The incident serves as a reminder for businesses and individuals alike to prioritize and invest in comprehensive cybersecurity practices. As the investigation into the breach continues, Globalcaja and other organizations must remain vigilant and proactive in their efforts to safeguard sensitive data.

Source

• https://securityaffairs.com/147073/cyber-crime/globalcaja-confirms-play-ransomware-attack.html#:~:text=The%20Play%20ransomware%20gang%20added,will%20not%20pay%20the%20ransom.
• https://www.computing.co.uk/news/4117169/globalcaja-confirms-ransomware-attack

Recently,

Types of Phishing Attacks: Recognize and Defend