Cyberattack on schools in Rhineland-Palatinate: Is Lockbit behind it?

Over forty schools are affected by the attack and are currently not online. The perpetrators were previously unclear.


Ransomware message on a laptop.

(Image: Created with AI in Bing Designer by heise online / dmk)


It is probably the biggest ransomware attack on German institutions so far this year: several dozen schools in Rhineland-Palatinate were infected with an encryption Trojan in mid-January. The gateway for the attack was probably the network of an external service provider. Its name has now appeared on the Lockbit gang's leak site.

As reported by the Rheinpfalz newspaper, 45 schools in various cities and districts in Rhineland-Palatinate are affected. The attacks were probably carried out via an external service provider, which is now working on restoring the networks and servers, the newspaper continued.


Both the affected administrations and the Rhineland-Palatinate State Criminal Police Office, which has since been called in, initially remained silent about the details of the attack. Ransomware was involved and the service provider's corporate customers were also affected, they said. However, it remained unclear which gang had attacked the school networks and whether a ransom was being negotiated.

Is Lockbit responsible for the attack on schools in Rhineland-Palatinate? At least that's what the gang claims on their leak site.

(Image: heise security / cku)

Now a telling entry has appeared on the Lockbit gang's darknet leak site: They attacked an IT service provider in Germany with over seventy connected schools and exfiltrated more than 3 TByte of data, the gang claims. The victim has until January 30, when the captured data will be offered for sale, Lockbit continues.

We have asked the affected service provider topackt and the responsible LKA to confirm Lockbit's claims and will update this report if necessary.

Ransomware attacks remain a major threat to companies and public institutions. After the devastating attack on Südwestfalen IT, municipalities and districts in Westphalia suffered the consequences for months. German companies rate cyber incidents as the greatest risk to their business, according to a survey conducted by Allianz.

(cku)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.