Spanish bank Globalcaja confirms Play ransomware attack

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain.

Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients.

Globalcaja was the victim of a Play ransomware attack that impacted operations at several offices of the bank.

The Play ransomware gang added the bank to the list of victims on its Tor leak site and claims to have stolen private and personal confidential data, clients and employee documents, passports, contracts, and more. The group will publish the stolen data on June 11, 2023, if the bank will not pay the ransom.

The bank confirmed that incident in a press release, the financial institution attempted to downplay the attack by saying that it has not affected the transaction of the entity or its clients. However, the incident response procedure is temporarily limiting some operations.

“It has not affected the transactions of the entities (nor the accounts or the agreements of clients.) The offices are operating with total normality when it comes to electronic banking and ATMs,” reads the press release. “From the very beginning, at Globalcaja we activated the security protocols created for this purpose, which led us to disable some office posts and temporarily limit the performance of some operations. We continue to work hard to finish normalizing the situation and are analyzing what happened, prioritizing security at all times.”

The bank is investigating the incident and notified local authorities, it has yet to disclose a data breach.

The Play ransomware group has been active since July 2022, the list of victims includes the City of Oakland and the Cloud services provider Rackspace.

In March, the Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Globalcaja)