Cyber Incident Victim: City of Angermünde
Date:
Mar 2021
Location:
Germany
Summary
A German city administration was rendered temporarily unavailable following a ransomware attack that encrypted its entire IT infrastructure, forcing the closure of all administrative services including citizen and registry offices. The incident disrupted email systems, telephone communications across multiple municipal facilities, and prevented appointment scheduling, though vaccination appointments proceeded unaffected. The municipality's IT team collaborated with external specialists to restore systems and recover encrypted data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 31, 2021, the City of Angermünde, Germany, experienced a disruptive cyberattack that forced the temporary closure of all administrative services. The attack involved an encryption Trojan, commonly referred to as ransomware, which compromised the city’s entire IT infrastructure. This led to immediate operational paralysis, with the city administration announcing a closure until at least April 7, 2021. All administrative departments were affected, including the citizens’ office and registry office, halting routine services such as appointment scheduling and document processing. Communication channels were severely disrupted, as administrative staff became unreachable via email, and telephone systems across multiple municipal facilities failed. The attack impacted not only the main administrative building in Heinrichstraße but also branch offices, the city archive, after-school care centers (“Am Mündesee” and “Abenteuerland”), and municipal daycare centers in Kerkow, Greiffenberg, Neukünkendorf, Frauenhagen, and Crussow. Only the central telephone number (03331-260013) and mobile phones for after-school care centers remained operational. The city prioritized public safety by confirming that scheduled COVID-19 vaccination appointments at Angermünde Town Hall on March 31 would proceed unaffected.
The city’s IT department, aided by an external cybersecurity specialist company, initiated recovery efforts to restore encrypted data and rebuild damaged systems. No data theft or additional attacker motives were disclosed in available reports. The incident caused significant public service interruptions, depriving residents of access to critical administrative functions during the closure period. Restoration work focused on decrypting systems, repairing network infrastructure, and reinstating communications. The attack underscored the vulnerability of municipal IT environments to disruptive malware, though no threat actor group or ransom demands were publicly identified. Recovery timelines and costs were not detailed in the initial announcement, leaving the long-term operational and financial impacts unquantified in open sources.