Last minute: update on the cyberattack on the Elche City Council — recovery and impact
Joel Basanta
At the end of August 2025, the City Council of Elche was the victim of one of the most serious cyberattacks recorded in Spanish public administrations: a ransomware attack that paralyzed more than 1,500 devices, collapsed key services and forced the reconstruction of the municipal IT architecture. With a wealth of new information that has emerged in recent days, we analyze the state of recovery, learning and the impact for the city and its citizens.
Current status: progressive return to normality
The City Council of Elche has gradually begun to re-establish its essential services, especially face-to-face citizen care at Municipal Offices (OMAC) and the Treasury, Social Services and Mayor's Office services.
The Local Police and the municipal telephone maintained their operation from the beginning, preventing a total collapse, and contracts and administrative procedures have been carried out using manual methods during the crisis.
All equipment is being individually reviewed before reconnecting to the network, in coordination with external experts and the CSIRT-CV, to ensure a safe environment after the “computer shutdown”.
The City Council has migrated servers to a new secure network and will continue working to restore the electronic office and other digital services in the coming weeks, as forensic analysis and technical tests progress.
What happened: ransomware attack, million-dollar ransom and institutional response
The attack occurred at 8:52am on August 25 through a vulnerability in the municipal network and encrypted critical data in a matter of milliseconds, according to the mayor himself.
The cybercriminals left a million-dollar ransom note, which is being investigated by the National Police and Europol. It is still unknown if personal data was stolen, but the Spanish Data Protection Agency has been notified.
The reaction: immediate activation of the Crisis Committee in accordance with the National Security Scheme, national and international collaboration in cybersecurity and priority attention to payroll, providers and healthcare services.
While recovery work continues, administrative deadlines and electronic processing remain suspended, and citizens are being publicly informed about the progress.
Social impact and citizen concern
The news raised alarm over the possible leak of personal data; the council and the opposition parties have required maximum transparency to clarify the scope and cost of the incident.
The attack highlighted the critical nature of digitalization in public services and the vulnerability to criminal groups that seek to exploit technical and human breaches.
Lessons learned and reflections for public administrations
Secure reconstruction and migration to robust and segmented networks is an essential step for future prevention.
Training all personnel in cybersecurity and reinforcing the coordinated response with bodies such as CSIRT, CCN and the Data Protection Agency is essential.
The importance of maintaining effective backups, responsible use policies and transparency in crisis management has been demonstrated.
🛡️ Request your free consultation with Apolo Cybersecurity and reinforce your digital protection against ransomware
The case of Elche transcends local borders: it shows the sophistication of the attacks and the need for preventive and recovery policies in every public administration. Only preparation, cooperation and continuous training can minimize the impact of cyberattacks such as the one suffered by this city council.
Do you want to know if your administration or company is prepared for a similar attack?
%402x.svg){kind=icon}
