A widespread ransomware attack has disrupted operations in 70 municipalities in Germany, primarily in the western part of the country.
Earlier this week, an unidentified hacker group encrypted the servers of Südwestfalen IT, the local municipal service provider. The affected company immediately restricted access to its infrastructure for over 70 municipalities, primarily within North Rhine-Westphalia, to isolate the malware and prevent further spread. The attack severely restricted local government services, rendering most town halls in the region non-operational.
On the day of the attack, the city of Siegen had to cancel citizen appointments due to the shutdown of most of its IT systems, with most online services still unavailable as of Tuesday. Similar issues arose in the cities of Wermelskirchen and Burscheid, where various municipal functions, including finances, resident services, cemeteries, and registry offices, were impacted by the disruption.
The affected administrations are still trying to provide their services using pen and paper, but their internal and external communication, such as email and phone systems, remains non-functional.
German authorities are cooperating with third-party cybersecurity providers to address the ransomware attack against their municipalities.
Reports revealed that German law enforcement and cybersecurity agencies are actively investigating the breach and are working diligently to restore services to the municipalities affected by the ransomware attack.
Unfortunately, the lack of specific details and the ongoing nature of the investigation have made assessing the ransomware attack very challenging for the authorities. The timing of the attack is also a negative factor, since it coincides with the end-of-month financial transactions typically conducted by local governments, potentially affecting payments like salaries, social assistance, and nursing care fund transfers.
The Federal Office for Information Security (BSI) in Germany is aware of the security incident. It is in contact with the impacted service provider, although it cannot reveal further details due to the ongoing investigation.
German prosecutors involved in the case are working to assess the scope and extent of the damage, determine which services have suffered disruptions, and identify the responsible individuals, anticipating a complex and lengthy investigation.
Citizens of the affected towns should be vigilant with their online presence since the threat actors could strike again in the following weeks.