In Schwerin and the neighboring district of Ludwigslust-Parchim, an encryption Trojan has apparently paralyzed large parts of the public administration. The malware was discovered last night on the systems of the municipal company KSM / SIS, which provides IT services for the administration of the state capital of Mecklenburg-Western Pomerania and the district, as well as for utilities. A crisis team is meeting in Schwerin, and the security authorities have been called in.
“Our municipal IT service provider KSM / SIS has registered an attack with malware since last night and then had to shut down all of the network’s IT systems,” said the mayor of Schwerin, Rico Badenschier (SPD). Those responsible have not yet given any further details. It was “too early at the moment,” said Badenschier. “The SIS / KSM crisis team will initiate all necessary measures and provide regular information.”
Nothing works anymore
The attack has largely paralyzed the civil services of the city and the district. “At the moment there is actually no service in the houses of the district administration,” the district administrator of Ludwigslust-Parchim, Stefan Sternberg (SPD), told NDR. Citizens’ offices and other facilities such as the vehicle registration office are closed. Other municipal companies such as Verkehrsgesellschaft Ludwigslust-Parchim (VLP) are also affected. However, the fire brigade and rescue services were functioning normally as far as possible.
“From the current point of view, we have no access at all,” said Sternberg. All systems have been shut down. The specialists are currently trying to assess the extent of the damage. “We now have to look, server by server, where do we have encrypted data and how is it encrypted.” This is being done in consultation with the police and other security authorities.
The attack on the central IT service provider of the municipalities suggests a very targeted approach, explained the SPD politician. A ransom demand has not yet been received. It is unclear whether data has leaked. “We do not assume that we have a data breach,” said Sternberg. So far, it looks as though “we have software that encrypts programs.”
There are still no indications as to which malware has been used. However, the district administrator’s assumption that no data was leaked could still turn out to be incorrect. Such ransomware attacks are often carried out by coordinated teams of several attackers who take their time exploring the target systems and copying data before they trigger the actual encryption software.
At the beginning of July, the district of Anhalt-Bitterfeld was the target of a ransomware attack and declared a disaster, the first in Germany due to a cyber attack. The disaster status is to remain in place until the network is restored. The case also shows how long the effects of such an attack can last: in Anhalt-Bitterfeld, people are cautiously optimistic that the attack will have been dealt with by the end of the year.