A significant cyberattack has impacted 45 schools across Rhineland-Palatinate, Germany, following a breach of an external IT service provider’s systems. The attack, attributed to ransomware, disrupted services for both general education and vocational schools in multiple districts, including Germersheim and Speyer. According to reports, the attack was initiated on the night of January 15, when hackers infiltrated the provider’s systems, deploying encryption malware. While it is not yet clear which data has been compromised, the incident has affected numerous educational institutions.
The German authorities, including the LKA and the State Cybercrime Office of the Koblenz Public Prosecutor’s Office, are currently investigating the breach.
The IT service provider, whose identity has not been disclosed, is working to restore systems and connections, with the expectation that the recovery process will be completed by the end of the week. Despite the disruption, no data leaks have been confirmed, and the provider is conducting thorough checks to prevent further issues.
The attack’s scope appears to be more widespread than initially reported, with several other municipalities and regions feeling the effects of the breach. Areas affected include Herxheim, Rheinauen, Lambsheim-Heßheim, Bad Dürkheim, Limburgerhof, and Neustadt, in addition to the districts of Germersheim and Speyer. The service provider also serves medium-sized companies, broadening the impact of the ransomware attack beyond educational institutions.
Efforts to stabilize the situation are being accelerated by local authorities, with forensic experts assisting in the investigation. The city of Speyer is actively working to mitigate the damage, and authorities are hopeful that services will be back online soon. As the investigation progresses, the full extent of the breach and the identity of the attackers remain unknown.
Reference: