Cyber Incident Victim: Pfarrei Heilig Kreuz Winnweiler
Date:
Jan 2022
Location:
Germany
Summary
Hackers breached the server of a parish led by Carsten Leinhäuser, encrypting nearly all digital records including financial documents and worship service protocols, leaving only physically printed materials unaffected. The attackers demanded a Bitcoin ransom, but the parish opted to file a police report instead of paying, with Leinhäuser expressing low confidence in recovering the encrypted data. Operational capabilities were severely restricted, though email and phone communications remained functional; the incident was not believed to be a targeted attack against the parish or its high-profile advocacy efforts for same-sex blessings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around January 1, 2022, unidentified computer hackers infiltrated the server of the Heilig Kreuz parish in Winnweiler, Germany, operated under Pfarrer Carsten Leinhäuser. The attackers encrypted all accessible parish data, rendering it unusable, and issued a ransom demand payable in Bitcoin cryptocurrency. The compromised data encompassed nearly all digital records maintained by the parish, including financial accounting documents and liturgical records such as service protocols. Leinhäuser confirmed that only physically printed materials stored in cabinets remained unaffected. The parish opted against negotiating with or paying the attackers, instead reporting the incident to law enforcement authorities. Leinhäuser publicly stated his assessment that recovery of the encrypted data was highly unlikely through technical means or cooperation with the criminals.
The cyberattack severely restricted parish operations, though basic communications via email and telephone remained functional. Leinhäuser, known nationally for his "#liebegewinnt" campaign advocating blessings for same-sex couples, indicated no evidence suggested the parish was specifically targeted due to his activism or public profile. He characterized the incident as opportunistic rather than personally or ideologically motivated. No technical details regarding the intrusion method, ransomware variant, or exact ransom amount were disclosed publicly. The incident disrupted administrative and pastoral workflows dependent on digital records, necessitating reliance on non-digital processes where possible. Law enforcement investigations proceeded without immediate public resolution.