Globalcaja bank confirms ransomware attack


Globalcaja, a large Spanish bank, has confirmed that it’s been affected by a ransomware attack. Cybercriminal gang Play has claimed the attack.

The Spanish financial institution has released a statement saying that it registered a “cyber incident” that infected local computers with ransomware.

“The attack has not affected the transactions of the organization (neither the accounts nor the agreements of the clients have been compromised), so it’s possible to use electronic banking, as well as ATMs,” Globalcaja said.

ADVERTISEMENT

The company said it has activated security protocols, disabled some of its systems, and limited the operation of others.

Globalcaja
Globalcaja posted on Play's leak site. Image by Cybernews.

Play ransomware claimed the attack on June 2nd, posting Globalcaja on its dark web blog. The blog is commonly used to showcase the gang’s latest victims.

According to the hackers, they were able to steal confidential data, client and employee documents, passports, contracts, and other data. The gang did not specify how large the stolen dataset was.

Globalcaja operates primarily in Spain. The financial institution has over 450,000 customers, controls nearly $5 billion in assets, and boasts over $38 million net profit.

Play ransomware is a relative newcomer to the game, first spotted in June 2022 and described as being inspired by Hive, a similar gang that has reportedly folded. According to the dark-web monitoring platform DarkFeed, it has so far victimized 114 organizations.

Most notably, Play was behind the crippling attacks against the city of Oakland, California, and BMW France, which BMW later narrowed down to a local dealer of its vehicles operating independently of the auto giant.

ADVERTISEMENT