Cyberattack on Villajoyosa City Council (Alicante): impact, ENS and how to protect Local Administrations

This week, the La Vilajoyosa Town Hall (Villajoyosa, Alicante) has suffered a major ransomware attack that has left your computer systems, including those of the Local Police, inoperative for several days. This incident reflects the growing wave of cyberattacks on local public entities in Spain, who must strengthen their cybersecurity to comply with regulations such as the ENS (National Security Scheme).

‍

What has happened in Villajoyosa?

The Past July 2, 2025, the council detected anomalous activity on its network, confirming a ransomware attack that blocked access to key data and systems

‍

Direct impact:

• Inactive municipal and police systems
• Public service and administrative procedures carried out manually
• Slow recovery process, with a forecast of restore only 70% of critical systems by the following week

‍

Measures adopted by the City Council

The council is working with the Cybersecurity Operations Center (COCS) of the National Cryptological Center for:

1. Analyze the origin and scope Of the attack
2. Format and reinstall critical systems
3. Check and clean all affected equipment
4. Implement legal actions and coordinate with security forces

‍

ENS (National Security Scheme): key to protecting municipalities

What is the ENS?

El National Security Scheme (ENS) It is the Spanish regulation that establishes the minimum principles and requirements to protect information in the Public Administration and its suppliers.

🔑 Your main objectives:

• Ensure the confidentiality, integrity and availability of public information
• Define policies, procedures and controls in cybersecurity
• Strengthen resilience to cyberattacks and advanced threats

‍

🏛️ Compliance with the ENS is mandatory for municipalities

This attack demonstrates that the real and effective implementation of the ENS it is not only a legal procedure, but an essential requirement for:

• Ensure the continuity of public services
• Protect the data of citizens and municipal employees
• Avoid penalties for regulatory non-compliance

‍

Key Lessons for Local Governments

✅ Priority measures according to the ENS

1. Perform a risk analysis Updated municipal systems
2. Develop a Continuity and Contingency Plan In the face of incidents
3. Implement a 24/7 SOC (Security Operations Center) to monitor threats
4. Perform Threat Led Penetration Testing (TLPT) and regular technical audits
5. Train staff in cyber hygiene, phishing and security protocols
6. Ensure the correct one access and privilege management on all systems

‍

🚀 How can Apolo Cybersecurity help you?

In Apolo Cybersecurity we help municipalities, councils and public entities to:

• Implement and maintain the ENS compliance at all levels
• Perform GAP ENS evaluations and design realistic action plans
• Deploy 24/7 SOC with Threat Intelligence adapted to the public sector
• Execute TLPT tests and technical audits to discover vulnerabilities
• To impart practical training for employees and security managers

✅ Request your free audit and personalized cybersecurity plan for your City Council

‍