The Limited Times


After cyber attack: No resident data stolen

2024-01-26T10:20:17.965Z

Highlights: Cyber attack on service provider Südwestfalen-IT with more than 70 affected municipalities in North Rhine-Westphalia three months ago. According to the expert report, the hackers were unable to steal any data. The services of the 70 municipalities with a total of around 1.7 million citizens were practically paralyzed or severely restricted at the end of October. The quick emergency shutdown of the computers contained the attack. Backups are not affected, so SIT can restore all data step by step.



As of: January 26, 2024, 11:10 a.m.

Letters and numbers light up on a screen where a hacker program is open.

© Sina Schuldt/dpa/archive image

Three months ago, an attack on the municipal IT provider Südwestfalen-IT caused alarm.

According to the expert report, the hackers were unable to steal any data.

The more than 70 affected municipalities should breathe a little easier despite all the strain.

Hemer - In the cyber attack on the service provider Südwestfalen-IT with more than 70 affected municipalities in North Rhine-Westphalia three months ago, hackers did not steal any data from citizens.

An SIT company spokesman said this on Friday after external cyber security experts presented their final report on the attack by a hacker group the evening before.

The spokesman for Südwestfalen-IT in Hemer emphasized that personal data from residents of the affected cities, districts and municipalities were not leaked.

The criminals were able to penetrate the SIT network, but the quick emergency shutdown on the night of October 30th prevented the so-called ransomware attack from spreading to other systems.

There was therefore no attack on municipal systems, explained SIT spokesman Marcus Ewald.

What effects are there on site?

All clients and servers that were located in the municipalities were examined - they were not infected, the SIT spokesman told the German Press Agency.

Nevertheless, for safety reasons, devices still had to be replaced on site.

Everything has to be reinstalled, which takes a lot of time and means a lot of effort.

The services of the 70 municipalities with a total of around 1.7 million citizens were practically paralyzed or severely restricted at the end of October - varying in type and extent.

Since then, the disruption has been mitigated as much as possible on site with great effort and numerous emergency solutions.

Course of events and SIT reaction

The final report from external experts concluded that there was no data leak.

The quick emergency shutdown of the computers contained the attack.

Backups are not affected, so SIT can restore all data step by step.

According to the report, the hackers were able to overcome the VPN solution - actually intended as a secure tunnel into the internal network - and bypass other hurdles.

The security experts were unable to conclusively explain how they obtained the access data necessary for their intrusion.

The attackers then deployed ransomware.

The central investigating cybercrime unit ZAC NRW at the Cologne public prosecutor's office suspects a group called “Akira” is behind the cyber attack.

Ransomware attacks are usually aimed at extorting a ransom.

The criminals encrypt data and offer to make it available again in exchange for a ransom.

However, SIT had created backups, the most recent dating from one day before the attack.

And SIT can restore this data because the backups remained undamaged, explained Marcus Ewald.

There was no contact with the criminals.

Several steps should move forward

According to SIT, all security gaps were closed when the system restarted.

“The highest priority continues to be the rapid restoration and safe reconstruction of the systems for operational functions,” emphasized SIT association head Theo Melcher in a statement on Thursday evening.

The “criminal, professionally executed ransomware attack” has significant impacts on SIT, its customers and citizens alike.

The forensic report presents measures to make the IT infrastructure more resistant to attacks.

Mirco Pinske is scheduled to take over as managing director on February 1st.

His most important tasks: Process the incident and draw conclusions.

What's next from a technical point of view towards normal operation?

It will take some time to return to normal operation.

A first, larger wave is currently underway and a second one is being prepared.

In the first wave, which covers prioritized specialist procedures in areas such as registration, social services and motor vehicles, normal operations should resume by the end of the first quarter.

Basic operations, which had previously been restricted, were restarted in some places at the beginning of January - in many places, ID cards or passports can now be issued again or re-registrations can be made.

According to spokesman Ewald, a second wave will primarily include financial procedures.

Certain administrative acts such as housing benefit payments, tax collection or the issuing of traffic tickets would then be made possible again step by step in the normal procedure.

dpa

Source: merkur
