Calvià City Council in Majorca Hit by Ransomware Attack

• Written by Shipra Sanganeria Cybersecurity & Tech Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a recent announcement, the city council of Calvià, Majorca, notified the citizens about a ransomware attack that impacted the municipal services since last week.

Situated in the south-west of Majorca, Calvià is one of the major tourist hotspots, with over a million visitors annually.

The attack is said to have occurred in the early hours of Saturday, January 13. According to local media reports , a ransom of €10 million ($11 million) has been demanded, which Juan Antonio Amengual, the local mayor, has refused to pay.

The attack is believed to have hit Calvià council’s systems, forcing it to create a crisis committee to analyze the impact on affected services. Moreover, an IT team in partnership with third-party experts is conducting forensic analysis to mitigate and hasten the recovery process.

‘’Calvià City Council continues to work intensely to try to return to normality as soon as possible after the cyber-attack suffered last weekend,’’ the statement read. (Google Translate)

Keeping in mind the impacted services, the council has asked citizens to reach out to the General State Administration Registry for submitting necessary documents.

It has also temporarily suspended all administrative deadlines, including submission of claims and requests until January 31, 2024. In the issued statement, it also advised citizens regarding other local services.

“In response to some questions raised by residents in the municipality, the council recalls that residence certificates can be obtained at the City Hall itself in the morning and also at the Municipal Tax Office,” the statement explained. “In any case, both the payment of taxes and subscriptions (for example, to municipal sports facilities) cannot be carried out during this week.”

The notification concluded by thanking the thousands of city council members and regrets for the inconvenience. It also reminded the citizens that support services could still be availed via both in-person and telephone communication.

Furthermore, in accordance with the laws and regulations, the council also filed an official complaint about the incident with the cybercrime division of the police department, along with submission of preliminary forensic analysis.

Crypto-Related Phishing Scam Lures Victims to Steal Over $80 Million

• Written by Shipra Sanganeria Cybersecurity & Tech Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Inferno Drainer, the most notable crypto-related phishing campaign, imitated over 100 cryptocurrency brands to trick victims into approving malicious transactions.

The drainer, which is now defunct, was active between November 2022 to November 2023, and has over 16,000 unique phishing domains associated with it, researchers at Singapore-based Group-IB revealed in a blog post.

Inferno Drainer operates under a scam-as-a-service model, where the organizer/developer keeps 20% of the stolen assets, while the users of the service keep the remaining 80%.

Quoting figures from Scam Sniffer , the firm went on to reveal that more than $80 million was stolen from over 140,000 victims in the said year. It further emphasized the danger to crypto owners by the software and its users, as it ‘’was still active as of the middle of January 2024’’.

First, the victims were lured to the dubious crypto brand websites by Inferno Drainer users. These sites ‘’spoofed popular Web3 protocols such as Seaport, WalletConnect, and Coinbase to initiate fraudulent transactions.’’

Seaport is a Web3 marketplace protocol used for NFT trading while ‘’WalletConnect and Coinbase are protocols that allow self-custody crypto wallets to connect to decentralized applications (DApp) in Web3.’’ These protocols require manual authorization by a user. Thus, to make it seem legitimate, the drainer’s developer spoofed these protocols to defraud the victims.

Upon establishing the infrastructure and successful linking of users’ accounts, the scammers ensured that victims accepted the transactions in lieu of financial rewards or prizes.

‘’The allure of potential riches, which forms a key part of the content presented to victims on phishing websites, makes users connect their wallets to the attacker’s infrastructure. The malware was placed on sites that are disguised as official crypto token projects and spread on X (formerly Twitter) and Discord,’’ the researcher explained.

Group-IB warns crypto owners to be cautious when clicking on links offering free financial rewards and prizes. ‘’The dangers will only get worse. In-depth investigations and bringing criminals to justice are the only way to prevent future attacks. It is crucial that victims file cases about the attacks they experienced with the relevant law enforcement agencies.’’