In Requena, a town hall cyberattack disrupted city operations on November 27, blocking servers and all council computers, which halted administrative tasks and processing workflows. Cyber criminals demanded a ransom of 500,000 in bitcoins for the restoration of the computer systems. The incident was reported to the Civil Guard, with the council flatly refusing to pay the ransom.
Ten days later, the problem remained unresolved despite assurances from the city council. The virus was detected, and gradually the server blocks were lifted one by one. Sources from the Requena town hall stated, “We have capable IT staff and workers who understand the issue and are cooperating to restore normal operations.” Cybercrime experts are assessing the entry vector, the timing of the breach, and the potential damage to municipal systems.
Among the affected systems is the payroll processing platform. Last Wednesday, November 30, civil servants could not receive their regular salaries, which are typically paid on the last working day of the month. As a result, workers could only collect a partial advance on their pay, about 50 percent, to date.
Electronic office in Albacete
Municipal sources indicate that most responsibilities can still be performed by staff using the electronic office services linked to the Albacete City Council, which serves municipalities such as Mislata and Quart and remains largely unaffected. Officials must use their personal devices, as the servers storing city data remain isolated from the infected network pending forensic analysis by telematics crime experts.
The attackers left a ransom note with a link requesting payment of more than 500,000 dollars in Bitcoin. In a later statement, the hackers appeared to mock the city’s reluctance to meet the demand, indicating they were satisfied with the amount once more.
Regarding the potential exposure of confidential information from the City Council, authorities pledged to report any findings to the Spanish Data Protection Agency and to comply with all required procedures. The National Cryptology Center (CCN), which specializes in cybersecurity for public institutions, is monitoring the situation and providing guidance on mitigation and recovery.
Other attacks on Valencia city halls
Cybercriminals have exploited perceived weaknesses in typical municipal security setups, especially in districts where older, unsupported systems remain in use. These intrusions often culminate in ransom demands. While many councils resist paying, some incidents go underreported and seldom lead to prosecutions, according to experts in telematics crime.
Over recent years, municipalities such as Carcaixent, Cheste, and Manises, as well as the port of Castelló, have experienced similar cybersecurity assaults.
In several cases, as seen with the Carcaixent town hall attack in October 2020, attackers used phishing emails opened by municipal employees to deploy Trojan viruses that spread through the network, compromising multiple servers. This underscores the importance of avoiding unknown or suspicious links and ensuring that staff stay vigilant against social engineering.