Spanish SEPE labor agency suffers Ryuk ransomware attack (cyberscoop.com)
2 points by Bluestein on March 11, 2021 | 9 comments


They restored a flat copy from archive.org

It looks bad. I'll give them the benefit of the doubt but... they either don't want to put it online for some reasons, or they don't have backups available.

My bet is that the entire IT service is subcontracted, which means burnt juniors deal with 99% of it, understaffed etc

There's this running joke in Spain about SEPE being useless and lazy, because of their "customer service", but much of the labor-related management and payments go through it.


> They restored a flat copy from archive.org

Seriously? Unbelievable.-

> but much of the labor-related management and payments go through it.

This is really concerning. The situation being what it is, you'd think that labor services, precisely, would be in high demand (benefits and such ...)

> they either don't want to put it online for some reasons,

Site compromised to inject malware?

> or they don't have backups available.

Again, incredible ...

> My bet is that the entire IT service is subcontracted,

This, and - my personal - bet, an "inside" job, with a willing admin.

The kind of malware used is not even "first rate". It's Malware-as-a-Service second rate crackers "rent", when they have a way in, but not the chops to actually dev their own tooling ...

(By the way, on follow up, I have heard of no resignations ...)

Edit: Wanted to say - though they deny it - ...

What about the PII of several dozen million people? I am convinced it has been compromised ...


> Seriously? Unbelievable.-

Yeah, no kidding. It was like wildfire in the Spanish IT community.

Apparently, most operations are back online, but the website still displays a warning. There's very little info, probably different subcontractors for website/backend? Who knows.


My bet is they -did- have a backup, but the backup got encrypted as part of the attack ...

  (I don't know what is worse ...)


See also:

- https://www.securitynewspaper.com/2021/03/10/ryuk-ransomware...

"The Spanish government has revealed that the IT infrastructure of SEPE, the government labor agency, was compromised due to a ransomware attack that resulted in the complete elimination of its systems in the agency’s more than 700 offices.

'We are taking the necessary steps to restore our priority services as soon as possible, mainly with regard to the public employment service website of the State and, eventually, to restore the rest of our services,' the government agency’s report mentions."


"A ransomware attack has affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday.

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments, according to the Central Independent Trade Union and Civil Servants. The union alleged that the SEPE had aging IT systems that the agency had not upgraded.

SEPE plays an integral part in distributing unemployment benefits in a country where the coronavirus pandemic has hammered the economy. The number of jobless people in Spain is now 4 million, its highest rate in five years, according to official data. But SEPE Director Gerardo Gutiérrez said in an interview with Spanish broadcaster RNE that the incident had not affected unemployment benefits, and that it has not led to the theft of personal data."


  (I'd appreciate knowing what inaccuracy - or what else - has warranted the downvote ..)


"About the ransomware variant, cybersecurity experts mention that Ryuk operates as a ransomware as a service (RaaS) platform and has been active at least since 2018. Specialists mention that Ryuk samples are collected on approximately 33% of each ransomware attack detected worldwide."


  Likewise, see above.-



