In a recent ransomware attack, local government services in western Germany were severely disrupted. The attack was initiated by an unknown hacker group who targeted Südwestfalen IT, the local municipal service provider, encrypting their servers.
Furthermore, this led to the company restricting access to its infrastructure for more than 70 municipalities, primarily in North Rhine-Westphalia. As a result, town halls in the affected region were heavily impacted by the cyberattack, with many services, including online offerings, remaining inaccessible.
The German city of Siegen, one of the affected areas, had to cancel appointments with citizens due to a major shutdown of its IT systems. City administrations, including Wermelskirchen and Burscheid, faced significant disruptions and were unable to access applications via Südwestfalen IT, affecting various aspects such as finances, citizen services, cemeteries, and registry offices.
While the online systems were down, the administrations tried to maintain in-person services, but their internal and external communication, including email and phone services, were largely nonfunctional.
German authorities, including the police and cybersecurity agencies, launched an investigation into the attack and worked to restore services for the impacted city administrations. The timing of the attack raised concerns as local governments typically conduct financial transactions at the end of the month, potentially hindering payments such as salaries, social assistance, and nursing care fund transfers.
Germany’s Federal Office for Information Security (BSI) is closely monitoring the situation and collaborating with the affected service provider, although they couldn’t provide further details due to the ongoing investigation. German prosecutors are also involved, aiming to determine the attack’s extent, the impacted services, and identify the responsible parties in what they expect to be a complex and lengthy investigation.