Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Spanish bank Globalcaja confirms Play ransomware attack

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain. Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients. Globalcaja was the victim of […]

Globalcaja

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain.

Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients.

Globalcaja was the victim of a Play ransomware attack that impacted operations at several offices of the bank.

The Play ransomware gang added the bank to the list of victims on its Tor leak site and claims to have stolen private and personal confidential data, clients and employee documents, passports, contracts, and more. The group will publish the stolen data on June 11, 2023, if the bank will not pay the ransom.

The bank confirmed that incident in a press release, the financial institution attempted to downplay the attack by saying that it has not affected the transaction of the entity or its clients. However, the incident response procedure is temporarily limiting some operations.

Globalcaja

“It has not affected the transactions of the entities (nor the accounts or the agreements of clients.) The offices are operating with total normality when it comes to electronic banking and ATMs,” reads the press release. “From the very beginning, at Globalcaja we activated the security protocols created for this purpose, which led us to disable some office posts and temporarily limit the performance of some operations. We continue to work hard to finish normalizing the situation and are analyzing what happened, prioritizing security at all times.”

The bank is investigating the incident and notified local authorities, it has yet to disclose a data breach.

The Play ransomware group has been active since July 2022, the list of victims includes the City of Oakland and the Cloud services provider Rackspace.

In March, the Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Globalcaja)