A week ago, different information pointed to the fact that the Superior Council of Scientific Investigations (CSIC) had been the victim of an important cyber attack. According to different researchers and workers from different agencies dependent on the CSIC Through its social networks -including a letter to the director published by ABC-, the attack would have been directed at the electronic headquarters of the institution, so the CSIC disconnected, as a firewall, all connections. However, to date, some still record outages.
The attack was of the type ransomware, by which cybercriminals have encrypted part of the information handled by both the CSIC and its centers throughout Spain (the pages of the Institute of Marine Sciences, the National Center for Microelectronics, the Institute of Microelectronics of Barcelona and the Marine Technology Unit were also down for a few days). Normally, the attackers usually ask for a ransom in exchange for releasing the data, but there has not even been an official confirmation from the Ministry of Science or the CSIC of the attack, although the Government is expected to publish a statement on the matter shortly. .
“Since last week, after a minor and localized computer attack, the Spanish cybersecurity authorities decided to disconnect the entire CSIC from the internet ‘sine die’,” he denounced in this newspaper Paul Chacon Montes, investigator of the organism. “Shameful, the main investigative agent is inoperative and nobody cares.” Chacón pointed out an “obvious failure to forecast and the absolute lack of a minimum damage assessment”, in addition to consequences such as the delay of investigations, communications cut off or the administration blocked.
Other researchers also denounced the situation through social networks:
Today we have had some more information… Things are going a long way and we all have to install security software… It is still inconceivable that after 15 days, we still have many more ahead of us to return to normality. https://t.co/u2fzOW80dk
— Irene Mendoza (@phenogirl) August 2, 2022
Other researchers also pointed to a “structural problem” in the response systems to this type of problem.
taking into account everything that has happened in the @CSIC Since the end of May, I’m sorry, we’re not just talking (and it’s not a small thing) about the temporary problem of the response (very improvable) against ransomware. We are talking about STRUCTURAL PROBLEMS.
– David Arroyo Guardeño (@davidalqabri) August 2, 2022
“Once we receive a ransomware-type attack, we have two objectives: to re-establish the service and to identify where the cybercriminals have passed,” he explains to ABC Lawrence Martinez, director of the cybersecurity company Securízame. “And this process can be delayed for any number of reasons, like it’s a very large organization or the backups are compromised or even non-existent.”
According to Martínez, the purpose of these cybercriminals is to obtain a ransom that “can even reach a million euros.” “Before, cybercriminals left you the virus and left; now, they stay to find out data and use it against you, so negotiating with them can be a difficult task.”
Previous attacks
These cyber attacks on public administration bodies are not new: in 2021 some bodies such as the Public Employment Service (SEPE), the National Institute of Statistics and various ministries such as Education and Culture, Justice or Economic Affairs and Digital Transformation were victims of apparent targeted attacks.
This year, coinciding with the conflict in Ukraine, attacks have continued to increase in all member countries of the European Union, including Spain.