ransomware

Ransomware has exploded in Spain and the data confirms it

by

He ransomware It is one of those attacks that no one wants to suffer. Companies fear it because, if they do not manage to contain it in time, they can be paralyzed for days, weeks or even months, with million-dollar losses as a consequence. It is not foreign to private users either: we will not always be willing, nor able, to pay a ransom, which in many cases means losing our files. However, this threat continues to advance, gaining presence in our environment and forcing us to remain more alert than ever. Spain, among the most affected countries. The team of Thales Cyber ​​Threat Intelligenceone of the largest European defense and cybersecurity groups, places Spain as one of the most attractive targets for actors operating with ransomware. According to their report shared via email, the country recorded 164 attacks in 2025, with 79 in the first half of the year and 85 in the second. The most relevant data comes when putting these figures in context: Spain ranked sixth in the world in the number of attacks during the second half of the year. A trend that points upward. Thales experts also point out that ransomware attacks in Spain grew by 7.6%, an increase that is part of a general increase in cyber activity. Behind them are factors such as geopolitical tensions, the evolution of ransomware tools, the increasingly rapid exploitation of vulnerabilities and the interconnection of threats between critical sectors. All of this creates a scenario with more mature, organized and difficult to contain actors. The global context changes the scale. Although the situation in Spain invites vigilance, the panorama is transformed when it is expanded to an international level. The United States was the most affected country in the second half of 2025, with 3,946 attacks. They were followed by Canada, with 411, and Germany, with 296. The weight of the United States is especially striking: it accounted for 51.23% of the attacks recorded in that period, which shows a very unequal distribution of this criminal activity. A particularly exposed sector. On a global scale, and always according to Thales, the financial sector continues to be among the main objectives. Banks, payment institutions and fintech companies face not only ransomware campaigns, but also persistent threats from advanced cybercriminals, state-sponsored actors and hacktivist groups. In 2025, this sector accumulated 533 ransomware attacks, the highest number among the industries analyzed. The report also identifies the most active groups. Qilin led the activity with 60 attacks, followed by Akirawith 29, and Inc Ransom, with 17. To them were added two operations that emerged in the second half of the year, The Gentlemen, with 13 attacks, and Sinobi, with 10, which managed to place themselves among the five most active groups against the financial sector. Consequences that go beyond the numbers. When a ransomware attack manages to overcome an organization’s defenses, the impact stops being statistical and becomes tangible. At the international level, Jaguar Land Rover was forced to paralyze its factories for more than a month after an incident of this type. In Spain, several town councils have also suffered similar attacks, with service interruptions and operational problems that show to what extent these threats have ceased to be a theoretical risk and have become a very real challenge. Images | Xataka with Gemini | Thales In Xataka | How often should we change ALL our passwords according to three cybersecurity experts

how two professionals fell after using ransomware

by

He ransomware It usually presents itself as an external threat, diffuse and difficult to locate, associated with criminal groups that operate from other countries and to hidden infrastructures on the network. However, the case that has communicated the United States Department of Justice breaks that narrative. Here we are not talking about a specific surveillance failure, but about professionals from the sector itself who, according to the accusation, used their training and position to attack American companies. The conclusion is as simple as it is alarming: the threat does not always come from outside, even in such a specialized field. What is known about the case today is well defined in court documents and official statements. On December 30, 2025, the Department of Justice reported thatthe day before, a federal court in the Southern District of Florida accepted guilty pleas from two men for conspiring to extort in connection with ransomware attacks that occurred in 2023. Both pleaded guilty to a federal crime related to obstructing or affecting commerce by extortion. Sentencing was set for March 12, 2026 and they face a maximum sentence of up to 20 years in prison. Who they were and what role they played in the sector. According to the FBIthe accused are Ryan Goldberg, 40, and Kevin Martin, 36. Both worked in the field of cybersecurity and had experience in incident management and in processes linked to attacks with this type of malicious tool. Goldberg worked as an incident response manager in a multinational company in the sector, while Martin worked as a negotiator specialized in this type of extortion within a company dedicated to responding to cybercrime. This professional context placed them in an unusual place for this type of crime. A ransomware model turned into a service. The case documents describe that the attacks relied on ALPHV, also known as BlackCata ransomware operated under a service model. In this scheme, developers maintain the malware and extortion infrastructure, while affiliated third parties execute attacks against selected victims. In exchange for that access, the defendants agreed to give 20% of any ransom obtained to the administrators. The rest was distributed among the participants, after moving the funds through different digital wallets to make them difficult to trace. The investigation is not limited to a single incident. The documents include attacks and attempts directed against US companies between April and December 2023, with victims in sectors such as healthcare, pharmaceuticals, industrial and technological sectors. In the only successful case, the ransom paid was around $1.27 million in cryptocurrency at the time of payment, according to the file. In other episodes, the demands reflected in the case ranged from hundreds of thousands of dollars to around five million, always according to court documents. The evidence that supports the accusation. The case is supported by a combination of technical records, financial analysis and statements collected by US federal forces. Among the elements cited are access to tools linked to the extortion infrastructure and the monitoring of cryptocurrency movements after the payment of the ransom. The file also mentions searches carried out before some attacks, including an inquiry about one of the victims on May 4, 2023, days before a subsequent incident. Added to this is a recorded interview in which one of the accused acknowledged his involvement, in addition to searches and other actions incorporated into the case. Images | Xataka with Gemini 3 Pro In Xataka | Gonzalo is the Army’s ChatGPT. Its challenge is colossal: turning AI into the great military ally of the 21st century

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.