Cyber Incident Victim: Primăria Municipiului Timișoara
Date:
Aug 2024
Location:
Romania
Summary
A ransomware attack targeted Timișoara City Hall, its Fiscal Directorate, and Local Police, aiming to encrypt and block their IT systems. Security systems detected the intrusion, prompting immediate countermeasures with specialized contractors to prevent full compromise; no evidence suggests personal data exfiltration occurred. While most public online services remain operational, internal systems are undergoing restoration with support from national cybersecurity authorities. Temporary disruptions include suspended online/local tax payments and digital complaint submissions, with cash payments and phone-based reporting implemented as alternatives. The incident remains under investigation by the National Cybersecurity Directorate, with full system recovery efforts ongoing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of Friday, August 24, 2024, Primăria Municipiului Timișoara detected a ransomware attack targeting its servers and those of two subordinate institutions: Direcția Fiscală a Municipiului Timișoara (DFMT) and Poliția Locală Timișoara. The municipality’s digital security systems identified the intrusion during its initial stages, prompting immediate activation of countermeasures by internal specialists and contracted cybersecurity firms. These actions prevented the compromise of the entire system infrastructure. Attackers sought to encrypt and block the city hall’s IT systems—a hallmark of ransomware operations where perpetrators typically demand payment for system decryption. Primăria Timișoara confirmed no evidence of personal data exfiltration from affected systems. The incident was promptly reported to national authorities, with the National Cybersecurity Directorate (DNSC) assuming investigative responsibilities. Municipality officials emphasized their refusal to engage with ransom demands, citing existing technical safeguards and rapid response protocols.
Throughout the weekend following the attack, municipal specialists executed system reset procedures to restore functionality while collaborating with DNSC experts. External-facing online services—including the Unified Portal, urban planning certificates, population registry appointments, citizen reports, and participatory budgeting platforms—remained operational without disruption. However, DFMT temporarily suspended online and card-based local tax payments at service counters, requiring cash transactions at DFMT offices or Primăria’s Room 12 starting midday August 26. Poliția Locală maintained complaint intake via telephone dispatchers after disabling online reporting channels. Internal administrative systems required extended recovery efforts coordinated with DNSC. The investigation remained ongoing at the time of reporting, with further details contingent on forensic findings. Operational impacts were confined to payment processing and internal workflows, with no public service interruptions beyond the specified payment and reporting channels.