Lock Germany

The story incorrectly stated that the Hessen state in Germany was attacked. The story has been updated to clarify that the Hessen Consumer Center is not part of the government.

The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.

Hessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest metropolitan area and a major financial center.

The Hessen Consumer Center is an non-profit organization that aims to provide unbiased and neutral advice to the residents of Hessen about consumer law, telephone and internet, finance and insurance, energy saving, health and care, food and nutrition. 

An announcement published yesterday on the organization's online portal says telephone and email communications have been impacted due to a cyberattack that occurred on Thursday, February 22.

"Early on Thursday morning, there was an attack on the IT infrastructure at the Hessen Consumer Center," reads the announcement. (machine translated)

"As a result, the Hessen Consumer Center could not be reached by telephone for a short time on Friday."

Although the communication disruptions have been mostly addressed, and the website is fully operational, people continue to have trouble reaching the consumer advice center and consumer advocates.

External IT security experts aid the organization's efforts to restore the availability of all communication channels in the impacted advice centers, but an estimate for a return to normal operations has not been given at this time.

The more worrying aspect of the cyberattack is the possibility of a data breach that could have impacted Hessen citizens who have contacted the advice center.

Ransomware actors often steal data from compromised networks before proceeding with the encryption step to use as leverage in the ensuing extortion phase.

The advice center declared that they are in no position to determine whether any data had been stolen at this stage of the investigation but will inform affected individuals if and when a personal data compromise is confirmed.

"The data on the server and some backup systems is currently encrypted. It is not yet clear whether or which data has been leaked. As soon as it becomes clear, those affected will be informed." - Hessen Consumer Advice Center.

Hessen's consumer advice center clarified that it strives to store the minimum possible amount of data on its servers as part of its commitment to data protection. However, it did not mention what data types it holds.

The state's data protection and IT security offices have been informed about the cybersecurity incident, and a criminal complaint has been filed with the Hessen police.

By the time of writing this, none of the major ransomware operations had taken responsibility for last week's attack on the organization.

Update 2/28 - The Blackcat/ALPHV ransomware gang has claimed the attack at the Hessen Consumer Center and published data samples on its extortion page on the dark web.

Hessen

 

Related Articles:

Steel giant ThyssenKrupp confirms cyberattack on automotive division

Rhysida ransomware wants $3.6 million for children’s stolen data

UnitedHealth subsidiary Optum hack linked to BlackCat ransomware

Critical infrastructure software maker confirms ransomware attack

German battery maker Varta halts production after cyberattack