Caritas-Betriebsführung- und Trägergesellschaft mbH (CBT), a Christian social enterprise based in Germany, suffered a ransomware attack that significantly impacted its IT systems. The incident was detected on September 5, 2024, when the ransomware group RansomHub listed CBT on the darknet, claiming to possess 263 GB of compromised data. The attackers demanded a ransom to be paid by September 14, 2024, threatening to publish the data if their demands were not met. The breach raised concerns about the exposure of sensitive personal information processed within CBT’s systems.
In response to the attack, CBT acted swiftly by shutting down its systems and implementing its emergency protocols, ensuring that resident care services remained uninterrupted. The organization collaborated with the relevant investigative authorities and promptly notified the data protection supervisory authority about the breach. Thanks to effective backup strategies, CBT was able to resume emergency operations shortly after the attack. However, technical analyses to assess the extent of the breach and restore normal operations are ongoing.
Investigations revealed that the attackers successfully encrypted parts of CBT’s systems and extracted data, some of which were reportedly leaked on the darknet. The organization continues to work closely with law enforcement and cybersecurity experts to mitigate the attack’s consequences and safeguard its remaining data. CBT has also intensified efforts to evaluate the potential risks posed by the leaked personal data, keeping the data protection authority informed of all developments.
Despite ongoing restoration efforts, CBT’s accessibility remains limited, with disruptions in its IT infrastructure. The organization is committed to ensuring transparency and resolving the incident promptly while upholding the trust of its residents and stakeholders. CBT’s robust emergency protocols have played a critical role in minimizing the impact of the cyberattack on its essential operations, especially in maintaining uninterrupted care for residents at its retirement and nursing homes.
Reference:
