Cyber Incident Victim: Stadt Weiz
Date: May 2020
Location: Austria
Summary
A ransomware attack by the NetWalker group targeted an Austrian city, compromising its public service systems through COVID-19-themed phishing emails that deployed malicious VBScripts. The malware encrypted files across the Windows network, terminated critical processes, and deleted backups, disrupting municipal operations and leaking stolen data related to building applications and inspections. The city, a regional economic hub hosting major industrial firms, may have been intentionally selected due to its strategic significance, aligning with the threat actor’s pattern of focusing on high-impact sectors like healthcare.
Description
On May 27, 2020, the Austrian village of Weiz experienced a ransomware attack attributed to the NetWalker group. The attackers compromised the municipality’s public service systems through phishing emails disguised as COVID-19 information updates. Employees within Weiz’s public infrastructure clicked malicious links in these emails, triggering the deployment of ransomware. Cybersecurity firm Panda Security analyzed the attack and identified the malware as a newer ransomware variant that propagates through VBScripts. Upon infection, the malware terminated Windows processes and services, encrypted files across all accessible disks, and deliberately eliminated backup data to hinder recovery efforts. This encryption disrupted municipal operations reliant on digital systems, particularly impacting building application and inspection services.

The attack resulted in the theft and subsequent leakage of sensitive data related to building permits and inspections. Weiz’s status as an economic center in the Oststeiermark region, hosting production plants for major corporations like Magna, Strobl Construction, and Lieb-Bau-Weiz, suggested the intrusion may have been deliberately targeted rather than opportunistic. NetWalker had previously conducted similar ransomware campaigns against healthcare institutions globally, including a March 2020 attack on Spanish hospitals that also employed COVID-19-themed phishing lures. The incident underscored the group’s focus on exploiting pandemic-related anxieties to infiltrate critical infrastructure. Available reports detailed neither the containment measures taken by Weiz authorities nor any financial demands. Operational disruptions and data exposure remained the primary documented consequences for the municipality.
