La Autonomous City of Melilla remains in a state of crisis after a serious attack of Ransomware which, since the end of June, has maintained most of its municipal systems are inoperative. Today we do a full review: how is the recovery? , what the authorities have detected and what steps are strengthening infrastructures.

Current status and uncertain deadlines

From the Saturday, June 22, Melilla is experiencing a total downturn affecting 90 of its 100 critical servers, keeping them inaccessible even today.

  • The attack was allegedly carried out using credentials stolen from a working employee Teleworking from outside Melilla, which meant a key human failure.
  • The first few hours went unnoticed until, between Sunday and Monday, they began to discover the damage.
  • As of today, There is no estimated date for full recovery, although it is considered that the partial reactivation may begin next week.

Investigations and response from the CNI

  • El CNI, through the National Cryptological Center, is deploying forensic and technical equipment to decipher the range and detect hidden infections.
  • It has been verified that data encryptionand, although the theft has not yet been confirmed, sensitive information about citizens and employees is presumed to be exfiltrated.
  • As a measure, the administrative and judicial deadlines until the functional restoration of systems.

Causes and factors of the attack

  1. Cyber hygiene failure: remote access from an external location contributed to the hack.
  2. Inadequate contingency plan: the attackers managed to eliminate “Plan B”, which indicates an incomplete defense structure.
  3. Technological Dependency: the city lacked alternative critical systems to continue operating.

Key lessons for all public administrations

  • Zero Trust Strategy: minimize the risk of remote access without verifying identity.
  • Air-gapped secure copies and regular verification.
  • SOC 24/7 + TLPT: proactive detection and real simulations to ensure resilience.
  • ENS Essentials Audits: review that basic cybersecurity requirements are implemented and updated.

Next steps and institutional support

  • The Government of Melilla will maintain the service manually until there is partial restoration.
  • The city is paying 1.2 M € to the CNI for its operations center, but the authorities recognize that “it is not a magic wand”.
  • Spain is experiencing a second wave of cyberattacks on city councils, after Villajoyosa and other cases, which requires common reinforcement.

Protect your city council today against cyberattacks like this

In Apolo Cybersecurity we offer:

  • GAP ENS audits and concrete improvement plans
  • 24/7 SOC implementation and Threat Intelligence services
  • Real simulations with TLPT adapted to public environments
  • Specific cyber hygiene training for employees and technical teams

Request a free audit and personalized action plan now

Prev Post
Next Post

Any questions?
We're happy to help!

CONTACT US TODAY!
info@apolocybersecurity.com
Data Controller: Apolo Analytics SL
Purpose: To process your request and respond to your message.
Legal Basis: Consent of the interested party upon submitting the form.
Recipients: Data will not be transferred to third parties, except under legal obligation.
Rights: You may exercise your rights of access, rectification, and deletion, among others, by sending an email to secretaria@apolocybersecurity.Com.
Additionall information: You can view the full information on our Privacy Policy.

Thank you!

Your message has been successfully received.
Oops! Something went wrong when submitting the form.
We are waiting for you!
Schedule a call
Project photo
send us an email
Project photo
+34 937948378
Project photo
Carrer de Sant Joan de la Salle 42, Barcelona, spain
Project photo
FAQScontactTERMS AND CONDITIONSWork with Us
Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
LEGAL NOTICEPRIVACY POLICYCookies
Copyright © 2025 Apollo Cybersecurity