Cyber Incident Victim: World Council of Churches
Date:
Dec 2023
Location:
Switzerland
Summary
The World Council of Churches experienced a ransomware attack during the holiday period, disrupting communication systems and rendering its website inaccessible. Attackers likely compromised the organization through phishing emails, leading to malware infiltration and data encryption. The incident impacted operations of the global body representing over 500 million Christians across 350 member churches. IT teams worked to restore systems while Swiss authorities investigated the attack, though it remains unclear whether ransom demands were issued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The World Council of Churches (WCC), an international organization representing over 500 million Christians through approximately 350 member churches across more than 100 countries, experienced a significant ransomware attack during the Christmas period of 2023. The incident targeted the Geneva-based communications infrastructure of the WCC, also known as the Ökumenischer Rat der Kirchen (ÖRK), rendering nearly all communication systems inoperable and making the organization's website inaccessible. Initial evidence suggested the attack originated through phishing emails that deceived staff into clicking malicious links or opening infected attachments, enabling threat actors to deploy ransomware that encrypted critical data. While the specific ransomware variant remained unidentified, the attack followed standard patterns for such incidents by restricting access to systems and data. At the time of reporting, authorities had not confirmed whether the attackers issued a formal ransom demand for decryption keys or data restoration.
WCC General Secretary Jerry Pillay publicly condemned the attack while confirming that internal IT teams were working intensively to restore affected systems. The organization notified Swiss law enforcement and relevant regulatory authorities about the breach, though no specific investigative outcomes or threat actor attributions were disclosed. The disruption occurred while the WCC was led by Central Committee Chair Heinrich Bedford-Strohm, former head of Germany's Evangelical Church. Operational impacts included prolonged website downtime and compromised internal communications across the ecumenical body's global network. Both articles emphasized the growing trend of cyberattacks targeting religious institutions, though comparative data on such incidents remained unspecified by entities like the German Caritas Association. The WCC incident underscored operational vulnerabilities despite the organization's stature as a major international religious coordinating body.