Large Spanish bank confirms ransomware attack

A major lender in Spain said it is dealing with a ransomware attack affecting several offices.

Globalcaja – based in the Spanish city of Albacete – has more than 300 offices across Spain and serves nearly half a million people with a variety of banking services. It manages more than $4.6 billion in consumer loans and has 1,000 employees.

The Play ransomware group claimed this week that it attacked the bank and stole an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts and more.

The bank published a statement on Friday confirming that computers at several local offices were dealing with ransomware.

COMUNICADO OFICIAL

En el día de ayer, registramos un
ciberincidente, consistente en un ataque informático a algunos equipos locales a través de un virus tipo #ransomware.

El mismo no ha afectado al transaccional de la entidad (ni las cuentas ni los acuerdos de los clientes se… pic.twitter.com/LeQdNN8r1i

— Globalcaja (@SomosGlobalcaja) June 2, 2023

“It has not affected the transactions of the entities (nor the accounts or the agreements of clients.) The offices are operating with total normality when it comes to electronic banking and ATMs,” they said in a statement.

“From the very beginning, at Globalcaja we activated the security protocols created for this purpose, which led us to disable some office posts and temporarily limit the performance of some operations. We continue to work hard to finish normalizing the situation and are analyzing what happened, prioritizing security at all times. We apologize for any inconvenience caused.”

The company did not respond to requests for comment about whether a ransom will be paid.

Spanish financial institutions have long been a target for hackers but the country has been dealing with more ransomware incidents in 2023, with one attack crippling a hospital in Barcelona and another bringing down a Spanish amusement park company.

The Play ransomware gang first emerged in July 2022 targeting government entities in Latin America, according to Trend Micro, and most recently drew headlines for a damaging attack on the City of Oakland, which has spent weeks recovering from the incident.

The group has also attacked the Massachusetts city of Lowell as well as several companies across Europe.

PLAY #ransomware group has added Globalcaja (https://t.co/FBZJ9unLHV) to their victim list. They claim to have access to private and personal confidential data, client and employee documents, passports, contracts, etc.#Spain #DarkWeb #CyberRisk #DeepWeb pic.twitter.com/MC8qEY9vKV

— FalconFeedsio (@FalconFeedsio) June 2, 2023