Ransomware Attack Hits Spanish City of Sanxenxo, Government Rejects Bitcoin Ransom

GasFeeTears · 2026-02-05T04:16:20+00:00

A ransomware attack in Sanxenxo, Spain, paralyzed municipal operations, encrypting vital files and demanding $5,000 in Bitcoin. The city opted against paying the ransom, instead focusing on system recovery and emphasizing cybersecurity best practices.

GasFeeTears

2026-02-05 04:16:20

Abstract generation in progress

A city government in Spain has become the latest target of a major ransomware attack. According to reports, the municipality of Sanxenxo in Spain’s Galicia region fell victim to the cyber assault on January 26, with attackers demanding $5,000 in Bitcoin as payment to restore access to locked files. The incident has highlighted growing cybersecurity vulnerabilities facing municipal administrations across Europe.

The Attack and Its Immediate Impact

The ransomware deployment successfully encrypted thousands of administrative files housed within the city’s computer systems, effectively paralyzing municipal operations. The comprehensive nature of the attack resulted in a complete shutdown of core governmental infrastructure, blocking employees from accessing essential databases and services. Sanxenxo, which serves approximately 17,000 residents, found itself unable to process routine administrative tasks, from permit applications to utility management.

The attackers, leveraging the disruption caused by their encryption scheme, presented a $5,000 ransom demand in Bitcoin—a common tactic among cybercriminals targeting government entities. However, local authorities remained steadfast in their decision to resist capitulation to the extortion attempt.

Official Response and Recovery Operations

Officials promptly reported the incident to the Spanish Civil Guard, Spain’s national law enforcement agency, triggering a formal investigation into the breach. Rather than succumbing to the cybercriminals’ demands, the city government of Sanxenxo prioritized system restoration through legitimate recovery channels.

The municipality implemented an emergency protocol centered on deploying daily backup procedures, a strategy designed to gradually reconstruct compromised systems without funding criminal actors. This methodical approach, though time-consuming, demonstrates a growing recognition among government institutions that ransom payments often incentivize future attacks rather than prevent them. The city’s resilience in rejecting the cryptocurrency demand reflects an institutional commitment to cybersecurity best practices and public trust preservation.

BTC2,6%

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.