Cyber Incident Victim: Radio Geretsried
Date: Sep 2024
Location: Germany
Summary
A significant cyberattack originating from the Russian region targeted the broadcast systems of Radio Geretsried, encrypting all music files and demanding a substantial ransom payment. The attack forced the station to operate on an emergency loop while technical teams worked to restore services by exporting salvageable data and rebuilding compromised systems from scratch. Recovery efforts were expected to extend into mid-week due to the severity of the compromise, with full restoration requiring extensive reconfiguration of infrastructure. The incident caused prolonged disruption to regular programming, impacting listener access until systems could be fully reinstated.
Description
On the night leading to Sunday, September 15, 2024, unidentified attackers originating from the Russian region launched a disruptive cyberattack against Radio Geretsried’s core broadcast infrastructure. The assailants compromised the station’s transmission systems, encrypting all stored music files and rendering them inaccessible. This sabotage forced the station to switch to an emergency broadcast loop, depriving listeners of regular programming. The attackers issued a ransom demand to the station, though the exact financial amount was not disclosed in public communications. Radio Geretsried’s management team and the executive board of Bürgernetz Isar-Loisach e.V., the parent association overseeing the station, immediately initiated crisis response protocols. Technical staff worked to isolate affected systems to prevent further spread of the encryption malware. Initial assessments confirmed the attack targeted the station’s "heart" systems, specifically the music libraries and broadcast automation tools essential for daily operations.

The station’s music editorial team began exporting surviving playlists and recoverable data from uncompromised backups or secondary storage. Leadership announced plans to completely rebuild all infected systems from the ground up rather than attempting decryption or paying the ransom. This restoration process required significant time and resources, with service disruptions projected to persist until at least midweek following the attack. Radio Geretsried prioritized transparency, pledging to provide recovery updates through its website and Facebook page once operations normalized. The incident caused sustained operational downtime, impacting the station’s ability to deliver scheduled content and maintain audience engagement. No secondary disruptions to adjacent networks or partner stations were reported, suggesting the attack’s scope remained confined to Radio Geretsried’s primary broadcast infrastructure.
