The city council of Seville, Spain, was still recovering Thursday from a cyberattack that officials have attributed to the LockBit cybercrime gang.
The council said it will not pay a ransom of $1.5 million demanded by the hackers, according to local media reports. The incident has affected a broad range of city services, including police, firefighters and tax collection.
The attack began Monday, according to city officials, and it was initially identified as an internal system failure. Further analysis soon revealed it to be a cyberattack, officials said. LockBit typically extorts victims by encrypting networks and threatening to post stolen data on its leak site.
Mayor José Luis Sanz said Thursday that the city was trying to restore services as soon as possible. Seville is the capital of Spain’s autonomous Andalusia region and the country’s fourth-largest city overall.
It is unclear if LockBit has stolen any data, officials said. As of Thursday, there were no reports of LockBit leaking any data from Seville’s government.
National police and the incident response unit of Spain’s National Cryptological Center (CCN-CERT) are involved in the investigation.
LockBit has been in the headlines all year, taking credit recently for attacks on an electric utility in Montreal and healthcare technology giant Siemens Healthineers. Spain’s national police issued a general nationwiide warning about LockBit on August 25.
The attacks have come as analysts have questioned the reliability of the group’s infrastructure, but also noted its influence on the broader ransomware ecosystem.