Now it's official: LockBit carried out the attack on the German Energy Agency - dena for short. On the APT group's leak page there is still a countdown until December 26, 2023. After that, all stolen data should be online. dena is now announcing accessibility again.
The German Energy Agency – dena – reported a cyber attack on the weekend of November 11th to 12th. The servers were paralyzed and accessibility was only possible to a limited extent, according to the homepage. According to its own information, dena can now be reached again. However, further IT protection measures are still in progress. There is now an entry about the attack and a countdown on LockBit's leak page. This suggests that dena is being blackmailed.
LockBit starts countdown for dena
dena announces on its homepage: “As things currently stand, as a result of the cyber attack on dena, unfortunately a risk to the data processed by our business contacts cannot be ruled out. This may also affect sensitive data, such as account details.” The assumption could be correct, as LockBit threatens on its leak page that it wants to publish the stolen data on December 26th
However, dena also announced that IT forensic experts are still investigating exactly which data was leaked. In addition, the entire IT infrastructure will be subjected to a complete review in order to ensure the greatest possible data security for the future. Only then does the German Energy Agency want to start up and use all systems again.
Does dena have valuable data?
According to dena, the type of data captured is sensitive, but not extremely sensitive. Since dena is a project company and a public company owned by the federal government, it will certainly not respond to the blackmail. The institute has more of an advisory role and prepares studies for many areas of the energy transition and climate protection. Why the agency should be a worthwhile target is unclear. It should also be clear to the attackers that a government institution will not pay a ransom if a ransomware attack has occurred. So you have to assume that it was a targeted disruption from which the attacker is hoping to gain something.
Dena describes itself in short form: “The German Energy Agency – dena for short is a competence center for applied energy transition and climate protection. dena looks at the challenges of a climate-neutral society and supports the federal government in achieving its energy and climate policy goals. Since its founding in 2000, the agency has been developing solutions, putting them into practice and bringing together partners from politics, business, science and all parts of society - nationally and internationally. dena is a project company and a public company owned by the federal government. The shareholder is the Federal Republic of Germany.”
More at dena.de