Date: Feb 2024

Location: Germany

Summary

The Deutsches Rotes Kreuz, Kreisverband Mannheim, experienced a cyberattack overnight, prompting immediate containment measures including system-wide shutdowns that disrupted phone, email, and payment processing operations. Emergency services (112 and Hausnotruf) remained unaffected. Initial investigations indicate no evidence of data exfiltration or encryption, with firewall logs showing blocked unauthorized access attempts. The organization activated a specialist response team and involved state criminal authorities, estimating five-figure financial damages from mitigation efforts and external expertise. Operational disruptions forced temporary analog workflows, impacting staff scheduling for 160 rescue service employees, though services continue with expected delays.

Description

On the night of February 26-27, 2024, the Mannheim district association of the German Red Cross (DRK), which serves Mannheim, Weinheim, Hirschberg, Laudenbach, Heddesheim, Hemsbach, and Schriesheim, experienced a cyberattack. The organization's firewall detected multiple unauthorized access attempts targeting its servers, triggering an immediate security alert. DRK-Kreisgeschäftsführerin Christiane Springer confirmed the association implemented emergency protocols by powering down all IT systems to contain the breach, resulting in significant operational disruptions. Telephone and email communications became partially inaccessible across the district association's operations, while payment processing systems experienced temporary delays. A specialized response team was activated within hours to investigate the incident, assess potential data exposure, and coordinate system restoration efforts. The DRK concurrently notified the Baden-Württemberg Landeskriminalamt (State Criminal Police Office) to initiate forensic analysis.

Initial investigations revealed no evidence of data exfiltration or encryption of servers, with authorities confirming no ransom demands were issued. Critical emergency services, including the 112 emergency call line and Hausnotruf medical alert systems, remained fully operational throughout the incident due to architectural segregation from affected infrastructure. The shutdown forced 160 emergency medical service staff to revert to manual processes for scheduling and administrative tasks, described by Springer as a return to "analog operations." Financial damages were preliminarily estimated to reach a five-figure sum, primarily attributed to containment costs, external cybersecurity consultants, and operational downtime. Recovery efforts focused on gradual system restoration while maintaining analog contingency protocols, with the DRK advising stakeholders to contact 0621 3218-0 for urgent inquiries during the disruption period.
