Spanish banking group Globalcaja has confirmed it experienced a ransomware attack from the Play gang.
In a statement on Twitter, Globalcaja reported the discovery of the attack on “some local computers” on June 1. The official message indicated that the incident involved a ransomware virus but noted that it did not impact the bank’s transactional services or customer accounts.
The Play ransomware group has claimed responsibility, asserting on its Tor leak site that it possesses sensitive information, including private client and employee data, documents, passports, and contracts. The group has threatened to release this data on June 11 unless a ransom is paid. Globalcaja has not disclosed whether it intends to pay the ransom.
With over 300 offices across Spain and approximately 1,000 employees serving nearly half a million customers, Globalcaja reported that online banking and ATMs are functioning normally. The bank has implemented security protocols, which include closing some offices and temporarily limiting certain operations.
“We continue to work diligently to restore normalcy and analyze the situation, prioritizing security at all times,” the statement said.
Ray Kelly, a fellow at the Synopsys Software Integrity Group, emphasized the importance of vigilance in cybersecurity, noting that using multiple techniques is crucial to prevent breaches, as relying on a single solution is insufficient.