Cyber Incident Victim: Notarkammer Pfalz

Date: Jul 2024

Location: Germany

Summary

A ransomware attack targeted the IT infrastructure of several notary organizations, including the Pfalz Chamber of Notaries, compromising databases and file servers. The malware encrypted portions of data and exfiltrated unstructured metadata containing personal information such as names, addresses, birthdates, contact details, and social security numbers. The incident prompted immediate containment measures, including network isolation, closure of the attack vector, internal notifications, and reporting to regulatory authorities and law enforcement. External forensic experts were engaged to analyze the breach. While the primary impact involved data encryption and confirmed theft, the organizations warned of potential secondary risks like targeted phishing campaigns or unauthorized data dissemination stemming from the exposed information.

Description

On the night of July 8-9, 2024, the Pfalz Chamber of Notaries and three affiliated Bavarian legal organizations (Notarkasse, Landesnotarkammer Bayern, and Bayerischer Notarverein) experienced a coordinated ransomware attack that compromised their shared IT infrastructure. Malware infiltrated systems, encrypting portions of database servers and file storage while enabling unauthorized data exfiltration. Forensic analysis confirmed attackers accessed unstructured metadata repositories containing sensitive personal information including full names, residential and office addresses, birth dates, telephone numbers, email addresses, and social security numbers. The breach was detected during the overnight intrusion window, prompting immediate network isolation of all affected systems to contain further spread. Initial investigations revealed the malware established persistent access pathways before executing encryption routines and data theft operations targeting organizational servers.

Upon discovery, response teams severed all external network connections to halt ongoing attacker activity and closed the identified intrusion vector used by the ransomware. Internal staff at Notarkasse headquarters received immediate notification while mandatory breach disclosures were filed with legal oversight authorities, data protection regulators, and the Bavarian State Criminal Police Office. External cybersecurity contractors initiated forensic examinations to determine attack origins and full data compromise scope. Analysis confirmed the exfiltrated datasets could facilitate highly targeted phishing campaigns leveraging authentic personal details or enable secondary attacks through potential public data dumps. While encrypted systems remained inoperable post-attack, no evidence suggested manipulation or deletion of underlying records beyond the encryption and confirmed data theft. The organizations established dedicated email contacts for breach-related inquiries and directed individuals to monitor for suspicious communications referencing the compromised data categories.
