Saturday, May 15

The SEPE is still stopped: how does the program that has rendered it useless work?

People queuing in front of public employment offices.

People queuing in front of public employment offices.

The services of the SEPE in all Spain is still unemployed after yesterday’s computer attack. They were closed preventively throughout the day yesterday and there is no forecast when the incident can be solved. From Work they remember that the payment of payroll and the management of files is not at risk, due to the backup that the SEPE performs daily on its procedures.

But how does the malicious program that has paralyzed SEPE services work? The attack is type ‘ransomware’, an extortion that is carried out through a ‘malware’ – malicious program – that gets into company teams: computers, laptops and mobile devices.

This type of software is characterized by entering the networks of a target, in this case the SEPE, and encrypting –disable – computers to demand a ransom, the cybersecurity expert explained to Efe José Rosell, managing partner of the company S2 Grupo.

The goal, the money

“His main objective is money and what is behind they are mainly gangster groups“, stressed Rosell, who has reported that the means by which the virus has been introduced is still unknown.

Normally, this type of ‘bugs’ usually enter or by a malicious email that carries an attachment or a link (url) that connects to a “web already prepared to infect the visitor”.

The ultimate goal is to encrypt, that is, to render the computers useless, so that if the company wants to recover the contents of the computer and return to work, it has to pay a ransom.

“But the first thing to say is that you rescue them – that they don’t normally transcend– they cannot be paid; it’s a crime“, has riveted this expert, who has added that an attack of this type can be difficult to solve. Although the impact has not yet transcended, it may even take days, depending on the magnitude of it.

Research at CNI

On the employment service website you can read that for reasons beyond SEPE’s control, the website and the electronic office they are not operational. “We are working to restore service as soon as possible.”

In addition, this fact is already being investigated by the National Intelligence Center (CNI), sources from the agency have confirmed to Efe.

On its website, the National Cybersecurity Institute (Incibe) explains that this type of malicious software “hijacks” company information, preventing access to it, generally encrypting it, and requesting a ransom (in English ‘ransom’) in exchange for its release.

It usually causes temporary or permanent loss of information, disrupts normal activity, causes economic loss and reputational damage.

This type of attack is growing exponentially because it is very profitable for criminals, among other things because there are more and more “hijackable” devices, adds the Incibe.

Rosell has agreed: “they are not the most dangerous, but yes of the most common incidents “.

Global digitization

As for why the attack on the SEPE has occurred, the expert has summarized: this is due to the digitization of the world.

“While we are talking about digital transformation, in parallel, a little behind, is cybersecurity. Without cybersecurity there can be no digital transformation,” said Rosell, who has thought that much more should be invested in raising awareness.

And is that this type of ‘ransomware’ enter using and deceiving people, either because you click an email or a link.

Regarding the specific type of ‘ransomware’, this expert has said that initially it looks like one called ‘ryuk’, although it still there is not enough information about it.

Leave a Reply

Your email address will not be published. Required fields are marked *