A few days ago, the IT service provider Südwestfalen-IT was the victim of a cyberattack with ransomware. The provider then cut all lines and paralyzed all services, network access and homepages in 72 municipalities. Almost every municipality now has its own emergency plan so that contact with citizens can be re-established.
The IT provider SIT – Südwestfalen-IT has become the target of a cyber attack with ransomware, which is currently affecting the ability of local administrations to act. The 72 member municipalities from the association area in South Westphalia are affected, including the districts of Hochsauerlandkreis, Märkischer Kreis, Olpe, Siegen-Wittgenstein, Soest and several municipalities in the Rheinisch-Bergisches Kreis.
Ransomware attack on October 30.10th
According to the SIT, encrypted data was found on servers in the night from Sunday to Monday, indicating unauthorized external access. According to SIT, “Immediately afterwards, the technicians began analyzing and taking the first steps to limit the damage that night. The internal crisis team met on Monday morning.”
In order to prevent the malware from spreading within the network, the data center's connections to and from all municipalities in the association were cut. As a result, administrations are currently unable to access the specialized procedures and infrastructure provided by the SIT and are severely limited in their services to citizens.
LKA and BSI informed – emergency programs are starting
The SIT is in contact with the LKA, the BSI (Federal Office for Information Security) and external security service providers in order to obtain clarity as quickly as possible regarding the origin of the attack, to determine the extent of the attack and to harden the SIT's infrastructure. Meanwhile, the provider provides information about the status of things via the emergency page.
The communities help themselves as best they can. Because the entire IT system is paralyzed, including the land trip homepages. Some are already setting up new mini-networks internally, using Wi-Fi via mobile phone providers and distributing cell phones. Some are currently setting up emergency homepages and distributing the addresses. Here is a short list of information sources available in each district. New telephone numbers can also be found there.
This is how the district administrations can be reached
Attention: the browsers warn on some emergency homepages that they are not safe. It's you - the message occurs because there are no security certificates for the domain stored there yet. Simply click on “Continue to website”.
- Hochsauerlandkreis – informed via Facebook
- Märkischer Kreis - informed via Facebook
- Siegen-Wittgenstein/Olpe – informed via emergency homepage kreissiwi.de
- Soest – informed via Facebook
- Lüdenscheid – informed via emergency homepage www.luedenscheid.de