
Cyber Incident Victim: Cluj County Council

Date: May 2021

Location: Romania

Summary

The Cluj County Council's website was compromised by hackers who encrypted files and demanded $100 in Bitcoin to prevent public release of the database and site data. The attackers claimed to possess a backup copy of the site and displayed a ransom message to anyone attempting to access it, while the domain initially showed an "account suspended" notification. The council identified the vulnerability, initiated remediation efforts, and restored functionality using a backup. It emphasized that only public data was involved and that no personal information was compromised during the incident.


Description

On or around May 6, 2021, the Cluj County Council’s website became inaccessible, displaying a defacement message indicating a cyberattack. Threat actors claimed to have encrypted all files and retained a backup copy of the site, demanding a payment of $100 USD in Bitcoin to prevent the public release of the database and site files. The message instructed visitors to send the ransom to a specified Bitcoin address, presenting an immediate ultimatum. The council’s website subsequently returned an “account suspended” notification, confirming a disruption in service. Initial reports by Digi24 highlighted the unusual nature of the ransom demand, which was notably low compared to typical cyber extortion amounts. The attackers’ primary leverage was the threat of data exposure, though the council later clarified that only public data was involved, with no personal information compromised.

The Cluj County Council responded by identifying the exploited vulnerability and initiating remediation efforts. Specialists within the institution worked to restore functionality by leveraging a backup of the website, with recovery operations ongoing as of May 6. By the evening of the incident, partial service restoration was achieved, though optimization efforts continued. The council publicly confirmed the containment measures and data recovery process, emphasizing the absence of sensitive data exposure due to the public nature of the affected information. The incident caused temporary operational disruption to the website but did not result in prolonged downtime or verified data leaks. No further details regarding the identity of the threat actors or the specific vulnerability exploited were disclosed in the available reports.
