The Valdemoro City Council detected an incident on its network on May 5 that affected its servers and left online or computer-based procedures and inquiries without service. While municipal technical services work on resolving it, the council has enabled manual paper registration to maintain service.
The gap between the official response and the scope attributed by the group claiming the attack marks the case. The municipal statement did not detail what data may have been compromised or how many affected there would be, but the cybercriminals from Kairos claim to have obtained 1.8TB of information, including police reports, national identity documents, administrative files, and municipal documentation with personal and sensitive data.
The City Council disconnected the servers and maintained the paper registry
After detecting the intrusion, the Valdemoro City Council notified the incident to the National Cryptologic Center and the competent authorities. It also disconnected the servers as a preventive measure to avoid additional risks in the municipal computer systems.
In its statement, the council admitted that its protection measures did not prevent the incident and recalled that zero risk exists neither in the public nor in the private sector.
"The servers have been disconnected, as a preventive measure, to avoid any type of risk to the computer systems of the City Council" - Valdemoro City Council, official statement
During the incident, administrative activity was limited in all procedures that require connection or computer equipment. To sustain basic operations, the municipality opened the option of submitting documentation through manual paper registration.
Kairos attributed the theft to 1.8TB and Ransomware.live assigns it 85 victims
Outside of institutional communication, the authorship of the attack was claimed by Kairos, a group of cybercriminals that, according to the Ransomware.live platform, has been operating since the end of 2024. Their pattern, according to that tracking, focuses on data theft without encryption.
The same platform places Kairos in campaigns against medium-sized organizations in the healthcare, manufacturing, and business services sectors in the United States and other Western countries. In this record, it accumulates 85 attributed victims since the end of 2024.
In the case of Valdemoro, the attackers claim to have extracted 1.8TB of data from the municipal environment. Among the material they claim to have obtained would be police reports, national identity documents, administrative files, and other municipal archives with personal and sensitive information.
The City Council, for now, has not confirmed that volume nor has it specified the nature of the affected information. Nor has it communicated a number of people potentially harmed by the intrusion.
The council asked to change passwords and monitor possible fraud
Given the risk of subsequent fraudulent uses, the council transferred several recommendations to the citizens. It asked not to open suspicious links received by SMS or email and to avoid providing passwords or PINs by phone or messaging.
Furthermore, he advised changing the passwords of the services used and reviewing any banking anomaly with the corresponding entity. If misuse of identity is detected, the municipal instruction is to file a complaint with the Police.
The most concrete warning disseminated by the Valdemoro City Council was that residents should contact their bank in case of any anomalous movement and report any misuse of their identity to the Police.