Cyber Incident Victim: Onleihe

On April 18, 2022, EKZ—the service provider for the library lending application Onleihe—suffered a cyberattack that disrupted multiple systems. The attack rendered specific EKZ-operated websites and services unreachable, including ekz.de, ekz.at, ekz.fr, divibib.com, the divibib user forum, the divibib Pentaho statistics page, catalog data, and ID-Delivery. Library user-related systems for subsidiaries, such as online lending platforms (excluding eAudios and eVideos), LMSCloud, and email applications, remained operational. EKZ filed criminal charges with law enforcement and enlisted third-party specialists to assist in recovery efforts while its internal IT team assessed backup availability. The incident triggered a system failure at Onleihe, which relies on EKZ’s infrastructure, resulting in the deletion of copy-protected media files. This forced Onleihe to re-encrypt and re-upload affected content, causing ongoing disruptions to its lending services.

The attack impacted Onleihe’s ability to distribute audio, video, and e-book files. Users encountered streaming errors for audio and video content, while compromised e-books displayed only the first chapter or random content samples. Onleihe published a list of affected titles and instructed users to delete and redownload them from the platform. The platform’s user forums also became unavailable due to an unspecified technical issue unrelated to the media file disruptions. By April 28, 2022, EKZ had restored most systems, though invoice issuance and order processing faced delays due to offline shop equipment. The LockBit 2.0 ransomware group claimed responsibility for the attack and listed EKZ on its data leak site, publishing stolen data on April 28. EKZ did not explicitly confirm ransomware involvement in its public announcements, but the LockBit leak site entry corroborated the gang’s double-extortion tactics, typical of ransomware operations involving data theft and encryption.