Cybercrime - We are online again
Approximately three quarters of a year after the devastating Cyberattack on the municipal service provider Southwestphalia IT (SIT), online services for citizens in the affected communes can once again be offered in full or nearly in their entirety. Around 70 communes with a total population of approximately 1.7 million people were affected by the criminal hacking attack at the end of October 2023.
Services were limited or completely shut down in varying degrees. Many communes worked with makeshift solutions, setting up emergency websites, more paper documents, telephone and personal contact channels.
Normal or near normal operation resumed in most cases
For instance, in the district of Soest, it is stated: "Update Cyberattack: We are back online. However, some services that we cannot offer as usual include i-Kfz, some forms, and our telephone directory. We ask for understanding!"
The Hochsauerlandkreis reports: "We are back! However, not all services can be offered yet. The employee directory is still not up-to-date. We are working on it." In Leichlingen in the Rheinisch-Bergischen District, the original internet appearance has been operational again for several weeks, and all online services are once again available.
Rebuilding to be completed in a few weeks
A spokesperson for SIT told the German Press Agency, the rebuilding should be completed by September 30th. "The technical procedures that are used extensively have already been rolled out and are once again available to the communes."
Concretely, it goes for the most important services such as, for example, the payment of social welfare, processing of housing benefit applications, vehicle registrations, services from resident registration offices or from registrars with procedures around births, marriages, deaths. This is functioning. Now, work is being done on procedures that are only used in individual communes. This will be achieved by the end of September.
SIT reacted to the cyberattack with additional personnel and technical security measures, the spokesperson explained. The recommended short-term measures have been implemented, and work is currently being done on medium-term and long-term measures.
Investigations against unknown parties are ongoing
The Cologne Public Prosecutor's Office reported that investigations are still ongoing against unknown parties. The hackers had used an extortion software and were demanding ransom, but they never received it. Cybersecurity experts came to the conclusion in their forensic final report that no personal data of the residents of the affected cities, districts, and municipalities had been leaked. The hackers were therefore unable to make any gains.
The Cologne Public Prosecutor Christoph Hebbecker from the central Cybercrime Unit ZAC NRW said, in this very complex and intricate procedure, no new developments had emerged yet. A group called Akira had claimed responsibility for the attack, but it was still unclear who was behind the group and whether they were actually responsible.
Short-term disturbances due to worldwide IT disruptions
On the previous Friday, some communes had to deal with disruptions in certain areas due to SIT shutting down the servers as a safety measure. A faulty software update from the manufacturer Crowdstrike had caused global computer problems. Crowdstrike had already reported having fixed the error by midday.
- The High Sauerland District, one of the affected areas, mentioned that some services are still not fully operational despite returning online.
- The rebuilding process following the cyberattack is nearly complete, as stated by the authorities at South Rhine-Westphalia IT (SIT).
- Authorities in the Hemer commune, located in North Rhine-Westphalia, faced temporary disruptions due to widespread IT issues caused by a faulty software update.
- Criminal investigations are ongoing against the unknown parties responsible for the cyberattack, according to the Cologne Public Prosecutor's Office.
- Despite the cyberattack, normal services such as social welfare payment, housing benefit applications, vehicle registrations, and services from resident registration offices are functioning once again.
