A new cyberattack has hit several municipalities and national entities. Over the weekend, ASAC, an Asturian cloud services company, was affected by ransomware, leaving the national entities it works with without service.

Municipalities such as Oviedo, Vinaròs or Mungia have been affected, as well as different portals of entities such as the Spanish Foundation for Science and Technology (FECYT), the Court of Accounts or the Nuclear Safety Council (CSN), which at the moment are still not accessible.

Zeppelin ransomware affects city councils and organizations

ASAC explains that in the early morning of May 8 it suffered a ransomware attack, similar to “those that are happening lately in our country”. The cloud company has notified INCIBE-CERT and the National Cryptological Center (CCN-CERT) of the incident, and both have begun collaborating to resolve the problem.

As recommended for these types of attacks, ASAC shut down its systems to try to avoid possible damage. This has left the entities that work with it without service, among them the City of Oviedo.

The attack left the City Council’s website without service, although it can currently be accessed. However, the systems are still not operational and the Electronic Office does not work. In the case of other affected municipalities such as Mungia or Vinaròs, the municipal websites still do not work.

ASAC Comunicaciones, the municipal contractor of Oviedo, explains that “this is an attack carried out by criminals who encrypt the systems in order to profit from a ransom in exchange, blackmail to which we will not give in”.

The company states that it has different security measures and certifications (ISO 27001, 27017, 27017, 20000, 22301) and that its systems “have made it possible to guarantee the total confidentiality of all information, avoiding any loss”. In response to the incident, the company has mobilized a third of its 40-person workforce to deal with the attack.

The incident is reminiscent of the attack suffered by the Castellón City Council at the end of March, where it was initially reported that no data had been downloaded but where, weeks later, documents with 119 GB of data appeared.

As confirmed by ASAC to Xataka, the cyberattack was carried out with the Zeppelin ransomware, unlike other attacks such as the one on SEPE, which used Ryuk, or the Phone House leak, which involved Babuk.

Zeppelin ransomware was first detected by BlackBerry Cylance in 2019. It is a variant of the VegaLocker / Buran ransomware and is offered as ‘ransomware-as-a-service’ (RaaS). Zeppelin infects its victims through the most common methods, such as phishing emails or malicious .EXE or .DLL files.

As described by Unit 42, the ransomware includes functionality that checks the victim’s country code to make sure it is not run in Russia, Ukraine, Belarus or Kazakhstan. To date, the effects of this ransomware have been reported in the United States, Canada, Bulgaria, Japan, South Korea, France, and Taiwan.

Portals such as the FECYT or the Nuclear Safety Council blocked

Among the affected websites, which were still not working early Monday, are those of the Court of Accounts, the FECYT and the Nuclear Safety Council (CSN). Further damage cannot be ruled out, since ASAC works with different organizations at the national level.

The public science foundation reports that “for technical reasons the service of all our websites will not be operational”.

🔴IMPORTANT NOTICE🔴 For technical reasons the service of all our websites will not be operational. We will notify you as soon as we resolve this issue. – FECYTCiencia (@FECYTCiencia) May 8, 2021

The CSN offers a similar message, explaining that neither the website nor the electronic office is accessible.

🖥️The #CSN website and its electronic headquarters are not accessible because they are under a process of reinforcing their security. As soon as the IT maintenance work has been completed, they will be available again. Sorry for the inconvenience. – CSN (@CSN_es) May 10, 2021

The ASAC incident has affected multiple organizations. Others include EMT Valencia or EMT Madrid, with the reservation of bicycles through the application even being temporarily blocked.

The company explains to Engadget that over the next few days “the system will be gradually reestablished until it returns to normal operations.”

