Extent of the attack
In an unprecedented wave of digital attacks, numerous cities and districts in North Rhine-Westphalia (NRW) were targeted by hacker attacks in the early hours of Monday morning on the last day of October 2023. The municipal IT service provider Südwestfalen IT, which supports over 70 customers, was hit by an attack at 1.01 a.m., which paralysed online communication in particular and, in some cases, telephone connections. The exact number of offices affected is still uncertain, but it appears that the impact affected almost all towns and municipalities in the Märkischer Kreis, Olpe, Siegen and Soest.
Investigations and emergency measures
The Central and Contact Point Cybercrime (ZAC NRW) at the public prosecutor’s office in Cologne immediately launched an investigation. In Siegen, it was communicated via the intelligence service X that the administrations, including the district administration of Siegen-Wittgenstein and the municipal administrations in the region, cannot be reached until further notice. As a temporary solution, information desks have been set up in the town halls for urgent matters.
Disruptions to citizen services
Various administrative services are at a standstill. A spokesperson from Soest reported that the district administration is currently not operational, which is restricting the processing of citizens’ enquiries. The affected areas include the vehicle registration offices and the immigration authorities. Even though emails can be received in some cases, it was not possible to send them to the outside world. Citizens were advised to confirm their appointment by telephone before visiting the offices.
In the Hochsauerland district, a complete cancellation was reported and appointments at municipal facilities should not be made as the town halls are closed. Plettenberg communicated via Instagram that appointments cannot take place until Wednesday and asked citizens to reschedule existing appointments.
Partially functioning services
Some towns, such as Werdohl, were only partially affected, with telephone services still accessible, while email communication had to be cancelled. Employees were able to work to a very limited extent as long as they did not require any data stored on the Südwestfalen IT servers. The Herscheid municipal administration was also affected, with limited services in the town hall.
Data protection concerns
The city of Recklinghausen assures that so far there are no indications that personal data has been compromised. Meanwhile, there is great uncertainty as to whether a known Russian cybercrime group is behind the attacks or whether ransom demands are being made for the release of data.