Spanish Bank Globalcaja Hit By Ransomware Attack

Written by

Spanish Bank Globalcaja confirmed last Friday that it had experienced a cyber incident involving a ransomware attack on some of its local systems. The Play ransomware group has claimed to be behind the attack. 

In an official statement published on Twitter (in Spanish), the company said the attack occurred last Thursday and prompted the financial institution to activate its security protocols.

Globalcaja reassured customers that the ransomware attack did not compromise any client accounts or agreements, and the normal functioning of its electronic banking platform, Ruralvía, remained unaffected. 

The firm also confirmed customers can continue to conduct their financial operations securely through online banking and use the available ATMs without any concerns.

As part of their precautionary measures, Globalcaja temporarily disabled specific office workstations in an effort to contain the incident and limit any potential impact. 

“The finance sector is an attractive target for ransomware attacks because of the sheer volume of data and critical services managed by financial institutions,” commented Martin Mackay, CRO at Versa Networks.

“Targeting client information and threatening to leak data can not only result in financial damage but also jeopardize the values and the reputation of the bank,” he said. 

The executive added that while it is still being determined whether Globalcaja has met Play’s ransom demands, the crucial aspect in this scenario is to refrain from yielding to any requests. 

Read more about ransomware: Ransomware Encryption Rates Reach New Heights

“Paying the ransom is no guarantee that stolen data will be returned or not leaked, and it only fuels further cybercriminal activity,” advised Mackay.

Globalcaja emphasized that they are actively working to normalize the situation and thoroughly analyze the incident.

“The one positive note is that Globalcaja had security protocols in place,” Mackay added.

The CRO also further said that banking institutions that have not yet adopted security protocols should consider implementing measures like network segmentation, which limit malware movement and minimize the impact of breaches.

“Furthermore, maintaining complete visibility across the entire network can make a huge difference in quickly identifying and dealing with cyber threats,” concluded Mackay.

According to Rebecca Moody, head of data research at Comparitech, there has been an increase in high-profile attacks on financial institutions this year.

Notable incidents include a cyber-attack on Tri Counties Bank in the US, which was later claimed by BlackBasta, an attack on Latitude Financial in Australia that potentially compromised around 14 million records, and the LockBit attacks on Fullerton India (demanding a $3m ransom) and Bank Syariah Indonesia (with a demand of $20m).

“As we can see with this latest case against Globalcaja, attacks on these types of organizations are of particular concern due to the highly sensitive data they hold,” Moody added. “While financial institutions should be commended for not giving in to hackers’ demands, they must also help customers take all of the necessary steps to safeguard themselves from identity theft and other types of fraud.”

Editorial image credit: Manuel Esteban /

What’s hot on Infosecurity Magazine?