Ransomware: krybit claims lasevillanita.com (ES) — Hospitality and Tourism

On 22 May 2026, a ransomware group known as krybit published a claim on the ransomware.live leak site, targeting the domain lasevillanita.com, which operates in the hospitality and tourism sector in Spain. This publication indicates that the threat actor has exfiltrated data from the organisation and is threatening to release it unless a ransom is paid. The incident is flagged under the BREACH framework, which is used by some EU member states to track and report data security incidents.

The primary affected organisation is lasevillanita.com, a Spanish hospitality and tourism business. However, this event serves as a broader warning for all EU hospitality and tourism entities, particularly those in Spain, as they are increasingly targeted by ransomware groups. Compliance teams in this sector should be alert to the heightened risk of data exfiltration and operational disruption.

Compliance teams should immediately verify whether their organisation has any third-party or supply chain links to the affected entity. They should also review their own ransomware preparedness, including offline backups, incident response plans, and data breach notification procedures under GDPR. If any data exposure is suspected, teams must assess whether a notification to the relevant supervisory authority is required within 72 hours. Finally, they should monitor ransomware.live and similar sources for any further disclosures that may impact their organisation.