A ransomware attack has targeted the city government of Sanxenxo, in Spain’s Galicia region, encrypting thousands of administrative files and blocking access to municipal systems.

According to ChainCatcher, the attackers demanded a ransom of $5,000 in Bitcoin in exchange for restoring access to the compromised data.

A ransomware attack forced Sanxenxo’s city government in Spain’s Galicia region to shut down municipal systems, with hackers demanding a $5,000 ransom in Bitcoin.

The cyberattack occurred on January 26, forcing a complete shutdown of municipal servers and disrupting essential public services. Sanxenxo, a coastal town with a population of more than 17,000 residents, relies on these digital systems for daily administrative and public operations.

City officials confirmed that the incident has been reported to the Spanish Civil Guard. Authorities have refused to pay the ransom, choosing instead to recover affected systems through daily data backups and internal restoration procedures.

The incident underscores the increasing vulnerability of local governments to ransomware attacks, as cybercriminals continue to target public institutions with limited cybersecurity budgets. While Bitcoin is frequently used as a payment method in such attacks, experts stress that the technology itself remains neutral, with illicit use representing a small fraction of overall blockchain activity.