Calvià City Council in Majorca, a prominent tourist destination with a population of 50,000, experienced a ransomware attack that impacted municipal services. The cyberattack prompted the formation of a crisis committee to evaluate the extent of the damage and devise plans for mitigation. Despite the disruption caused by the attack, Mayor Juan Antonio Amengual stated that the council would not pay the €10 million ($11M) ransom demanded by the cybercriminals. The municipality is actively working to restore normalcy, with a team of IT specialists conducting forensic analysis to assess unauthorized access and recover impacted systems.
The ransomware attack led to IT outages, resulting in the suspension of administrative deadlines for submissions until January 31, 2024. Calvià City Council has informed the police’s cybercrime department about the incident and filed necessary complaints, along with preliminary forensic analysis information. The municipality expressed regret for any inconvenience caused by the situation and emphasized its commitment to resolving it efficiently. Despite the disruption, citizens can still access services via phone communication, and those requiring urgent document submissions can use the General State Administration portal.
While none of the major ransomware groups have claimed responsibility for the attack, local media reports indicate that the ransom demanded is €10 million. The mayor, however, asserted that the municipality would not comply with the ransom demand. This incident underscores the significant risk ransomware poses to entities of all sizes, including small towns, with potential severe repercussions on daily operations and public services. The refusal to pay the ransom highlights the firm stance against yielding to extortion attempts, emphasizing the growing concern surrounding cyber threats in today’s digital landscape.
