Cyber Incident Victim: Canton of Bern

Date: Nov 2023

Location: Switzerland

Summary

A ransomware attack targeted the municipal administration of Zollikofen, encrypting critical data and forcing the complete shutdown of all ICT systems. This caused widespread operational disruption and rendered employees unreachable via email or telephone, with authorities initiating an investigation alongside external cybersecurity specialists to address the incident.

Description

On November 22, 2023, the municipal administration of Zollikofen, Switzerland, experienced a disruptive ransomware attack that encrypted critical data and forced the complete shutdown of all ICT systems. The attack rendered essential digital services inoperable, severely impairing routine municipal operations. Employees became unreachable through standard communication channels, including email and telephone systems, indicating widespread infrastructure compromise. Municipal authorities initiated an immediate containment response by powering down affected systems to prevent further encryption or lateral movement by attackers. This operational suspension created significant service delivery disruptions for residents and businesses reliant on municipal functions. No specifics regarding the ransomware variant, initial attack vector, or ransom demands were disclosed in available reporting.

The municipality engaged an external cybersecurity service provider to conduct forensic analysis and assist with recovery efforts, though investigation findings remained undisclosed at the time of reporting. Operational continuity challenges persisted due to the prolonged system downtime required for remediation. The incident occurred amid heightened concern about cyber risks among Bernese small and medium enterprises, as documented in a contemporaneous survey by the Berner Gewerbeverband highlighting regional anxiety about inadequate cybersecurity preparedness. Zollikofen's experience demonstrated ransomware's capacity to disrupt critical public services through digital infrastructure compromise, though the full scope of data impact and restoration timelines were not publicly verified. Municipal authorities maintained operational silence regarding recovery progress beyond confirming the attack's occurrence and their engagement of specialist response resources.
