Elche City Council has gone from having its computer systems hacked by ransomware on August 24th, which is still affecting one of the municipal servers and for which they are waiting to hire a company to decrypt the data from the last six months, which they cannot access, to getting all kinds of scam and data theft attempts through corporate phones and municipal emails. This is confirmed by several councillors and officials who are getting an avalanche of false messages and calls that is getting worse every day. It has gotten so bad that even the councillors of the municipal administration are not afraid to say in public that they are tired of getting these calls at any time, acknowledging that it is because of a cyberattack. This is more indication that the hackers who wanted millions of dollars to provide Elche City Hall the code to decrypt its systems are working with other cybercriminals to whom they allegedly sold all this information, including phone numbers and hundreds of email addresses. The city officials didn’t pay anything and gave the blackmail documents they got—no one knows how—to the National Police and INCIBE, the National Cybersecurity Institute.
Almost all types of electronic scams are happening on mobile devices and through municipal messaging. They all seem to come from official sources, like the General Directorate of Traffic and city councils. The most recent case was in the Asturian municipality of Siero, where people were invited to click on false information for any reason. The Elche City Council, which on Tuesday, October 21st, reported a modification of 868,000 euros to the 2025 budget to cover new investments in cybersecurity , has not reported this fact, much less whether a complaint is being filed with the same authorities investigating what happened almost two months ago, events for which there is little information available, neither the origin nor the loss of sensitive data, which would correspond to the period from February 11 to August 25, the day the intrusion into the systems was discovered and it was decided to shut down all equipment as the only measure to prevent the spread of the ransomware. There is complete silence after Amber Strict’s statement, which was based on the seriousness of what happened. On Tuesday, Compromís also criticised the opposition for not being given enough information about what happened or the fact that a cybersecurity contract was not awarded in 2024, something that Guilabert himself denied this saying that this contract, which came from the previous corporation, was left vacant.
Phone numbers and email addresses
According to sources, people are getting the four primary types of scams via the phone and by email. There are incidents of phishing, where bogus emails that don’t come from the organisations that are meant to be sending them are used to steal information. Some victims have reported getting up to six or seven calls and text messages a day on their cell phones that are trying to get private information and take control of the phone if someone clicks on the link that looks like it came from a trusted source. This is called vishing and smishing. People can also be sent to fake websites for any reason, which is called pharming.
Council members are also receiving many calls from abroad on their municipal cell phones every day, from numbers they definitely don’t recognise, and most of them don’t answer, but there’s no guarantee that some of them haven’t already. One of these scams is caller ID spoofing, which is a sort of phishing that makes the caller think the call is coming from a trustworthy number by changing the caller ID. Some scams also stop when the person on the other end of the line picks up the phone and hangs up.
Sextortion
One of the messages, which the publication has seen, is a sextortion message. This is a type of phishing that tries to trick the individual into thinking they have sexual content from this person. Most of the time, these messages ask for payment in Bitcoin in exchange for avoiding distributing films that are said to be embarrassing. They are said to be emailed to all of the victim’s contacts because they also have that information. The lie makes the victim worry and forces them to respond immediately, without thinking about the circumstance or analysing it.
Safety
The city’s IT security staff has been working on this since it was found out, and they are letting all city workers know by email, even though many of them still can’t use their computers. Claudio Guilabert, the Councillor for Innovation, said on Tuesday that between 65 and 70% of the more than 3,000 municipal computers had been formatted and connected to the new white network that will replace the old, corrupt one. However, many programs still need to be installed on these computers, depending on the type of workstation they are.
One of these fake texts says the following: We have found an email received from the account alcaldia@ayto-siero.es that is NOT an official message from the City Council. The fake message had the subject line “Invoice from the Siero City Council.” Please do not open any links or attachments in this email. This email is from an automated noreply account, which means it can’t get replies. So please don’t reply to this email; no one will answer. Thanks for your understanding. City Council of Siero. ” The municipal security services are doing exactly what they should be doing: urging officials to be careful and not be deceived. After the cyberattack, the Elche City Council said that all officials will get a new course on cyberattacks to learn what not to click on, how to spot them, and, in the worst event, what to do if they accidentally click on the wrong button.
Author: Derek Appleton
No Comment! Be the first one.