Cyber Incident Victim: Amt Bergen auf Rügen
Date:
Nov 2024
Location:
Germany
Summary
Unknown attackers infiltrated the IT systems of Amt Bergen auf Rügen, encrypting servers with malicious software that caused temporary operational disruptions across municipal administration services. The compromise notably impaired email communications and other critical functions, though the exact intrusion timeline remains undetermined. Local authorities initiated a criminal investigation through the Anklam police department to identify the perpetrators responsible for this cyberattack targeting public infrastructure. Recovery efforts were underway to restore normal operations while addressing the security breach's consequences.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around November 1, 2024, unidentified attackers breached the IT systems of Amt Bergen auf Rügen, a municipal administration office in Germany. The intrusion occurred at an unspecified time prior to detection, with perpetrators deploying malicious software to encrypt the organization’s servers. This encryption attack disrupted administrative operations, particularly impairing email communications critical for public services and internal coordination. The incident forced a temporary operational shutdown as staff lost access to essential digital resources. Authorities confirmed the attack compromised core infrastructure but did not disclose the initial attack vector or duration of unauthorized access prior to system compromise. No information was released regarding whether data exfiltration occurred alongside the encryption activity.
The Bergen auf Rügen administration’s service interruptions persisted following the attack, with email systems remaining inaccessible during the initial disruption period. Anklam Criminal Police assumed investigative jurisdiction, though no suspect details, ransom demands, or attribution claims were disclosed publicly. Municipal operations faced functional limitations due to server unavailability, though the full scope of affected departments beyond email services remained unspecified. Recovery efforts and forensic analyses were underway as of the last reported update, with no restoration timeline provided. The incident highlighted vulnerabilities in local government IT infrastructure without revealing technical specifics about the malware or encryption methods employed.