Expert Comment: Ransomware attack on Calvià City Council, Majorca
Reaching out as you may have seen on the news that the Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday which impacted municipal services.
With the mayor stating that the municipality would not be paying the $11M ransom set by the cybercriminals under any circumstances, Joseph Carson at Delinea has commented on the news.
The news of Majorca City Calvià being the latest ransomware victim demonstrates that ransomware will continue to be a major threat for global organisations and governments in 2024, as it has been in previous years. It also highlights the difference between ransomware targeting a business versus a city council. In the latter case, the impact hits everyone who lives in that city and beyond and generates a ripple effect on many sectors, including the tourism industry. Since Majorca is a favourite destination for many tourists during the hot summer period, consequences would have been disastrous if this ransomware group had attacked during the summer season.
Calvià City Council has stated that it is in the process of restoring systems and operations, and it appears that citizens can still access some government services through alternative portals. It seems then that the city has a ransomware-resilient backup strategy in place, which is critical to ensure that systems can be restored and a ransomware payment can be avoided.
At this time, it is still unclear whether any data or what data has been impacted since it is common practice for ransomware gangs to disrupt services and exfiltrate sensitive data, which might be the next issue for the Calvià City Council to deal with. No ransomware group has claimed responsibility for now, but only time will tell as typically, not long after a ransomware incident occurs, attempts to sell or disclose stolen data start to appear on the darknet.
As always, our thoughts are with all citizens who may have been impacted and the IT and Security team dealing with this incident. We can only hope that the lessons learned from previous years mean that the Calvià City Council have implemented the best practices to minimise the impact. To avoid becoming the next victim, public and private organisations must ensure they have robust access controls in place, such as multi-factor authentication and privileged access management, as well as a ransomware-resilient backup strategy so they have a business recovery option when bad things do happen.