Cyber Incident Victim: Enercon
Date: Jan 2023
Location: Germany
Summary
A cyberattack targeted multiple schools in Karlsruhe, with unauthorized actors accessing servers and deploying malware that encrypted system data. The incident disrupted educational and administrative operations, prompting the city's IT department to disconnect potentially affected servers as a precaution. External cybersecurity experts were engaged to investigate the breach, which impacted seven specific institutions. While vocational schools using different systems remained unaffected, the compromised servers required thorough review before being restored. Authorities filed a criminal complaint and notified the state data protection office of the intrusion.
Description
On or around January 29, 2023, unidentified attackers breached servers belonging to seven schools in Karlsruhe, Germany. The intrusion involved unauthorized access to school systems, followed by the deployment of malicious software designed to encrypt system data. Affected institutions included the Adam-Remmele-Schule, Hardtschule, Schule am Turmberg, Grundschule Wolfartsweier, Markgrafen-Gymnasium, Realschule Neureut, and Erich-Kästner-Schule. The attack did not impact Karlsruhe’s vocational schools, which operated on separate IT infrastructure. Initial detection occurred shortly after the breach, prompting immediate intervention by municipal authorities. The attackers’ methods and motives remained unconfirmed, with no explicit ransom demands or data theft claims disclosed in public reporting.

Karlsruhe’s Office for Information Technology and Digitalization initiated containment measures by disconnecting all potentially compromised school servers from the network to prevent further damage. External cybersecurity experts were engaged to assist with forensic investigations and system recovery. Server downtime disrupted pedagogical activities and administrative functions at the targeted schools. The city filed a criminal complaint with law enforcement and notified the Baden-Württemberg State Data Protection Commissioner of the incident. Restoration efforts involved systematic server reviews and security clearances before gradual reactivation. No evidence suggested broader municipal network compromise beyond the seven schools. The city committed to providing updates as the investigation progressed but, as of its initial public statement on February 1, 2023, had disclosed no additional attacker attribution or technical specifics.
