Majorca Tourist Hotspot Hit With $11m Ransom Demand

Written by

A major Spanish holiday destination became the latest victim of ransomware last weekend, with reports claiming digital extortionists are demanding €10m ($11m).

The municipality of Calvià in the south-west of Majorca includes the popular tourist hotspot of Magaluf and attracts over one million visitors a year to its shores.

A statement on the council’s website claimed it is now working “intensely to try to return to normality as soon as possible” following a cyber-attack last weekend.

“In response to some questions raised by residents in the municipality, the council recalls that residence certificates can be obtained at the City Hall itself, in the morning, and also at the Municipal Tax Office,” it explained. “In any case, both the payment of taxes and subscriptions (for example, to municipal sports facilities) cannot be carried out during this week.”

The notice also thanked the hundreds of council employees for their “enormous commitment” to provide services to residents and visitors despite not being able to access key IT systems.

A local report claimed that officials have confirmed a ransom demand of €10m ($11m) which local mayor, Juan Antonio Amengual, has refused to pay.

Read more on ransomware payments: Experts Clash Over Ransomware Payment Ban

A crisis committee has apparently been assembled to assess the impact of the attack on local services, and an IT team is working through forensic analysis and recovery processes. The Guardia Civil has reportedly also been contacted for assistance.

It’s unclear whether any data was stolen as part of the attack and if encryption payloads were deployed by the threat actors.

Blackfog CEO, Darren Williams, explained that government entities are a popular target for ransomware actors due to the sensitive data they store and the essential services they provide.

“Calvià is showcasing Spain’s dedication to the Counter Ransomware Initiative, as it was among last year’s signatories that pledged to not pay ransom demands,” he added.

“While it often seems like giving in to extortion demands is the easiest and fastest way to recovery, organizations and government entities need to collectively focus on preventative technologies such as anti-data exfiltration that stop attackers before it’s too late.”

The one relief for local officials will be that this breach came during the island’s off-season.

What’s hot on Infosecurity Magazine?