Cyber Incident Victim: Landeskirche Hannover
Date:
Feb 2024
Location:
Germany
Summary
A ransomware attack targeted the IT infrastructure of the Hannovers regional church, prompting precautionary shutdowns of central systems to prevent further spread. The breach affected the Landeskirchenamt, Haus kirchlicher Dienste, and Bischofskanzlei, causing significant disruptions to phone services and limited email functionality. Investigations are ongoing to determine whether regional church districts, offices, and congregations were compromised. The church-wide online council elections remained operational as they rely on external servers, which were unaffected; newsletter data for the elections was similarly secure. No ransom demands were made by the attackers. Authorities were notified and have launched an investigation, though the duration of system outages remains unclear.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 18, 2024, the Evangelical Lutheran Church of Hanover (Landeskirche Hannovers) experienced a cyberattack targeting its central IT infrastructure. Attackers deployed malicious software, identified in one source as ransomware, compromising systems at the Landeskirchenamt (Regional Church Office), Haus kirchlicher Dienste (House of Church Services), and the Bischofskanzlei (Bishop's Chancellery). Church spokesperson Benjamin Simon-Hinkelmann confirmed the organization proactively shut down segments of its computer systems following attack detection to prevent further technical infrastructure compromise. Immediate operational disruptions included complete loss of telephone connectivity and severely restricted email access across these three central administrative entities. The Landeskriminalamt (State Criminal Police Office) initiated an investigation, though no threat actors had claimed responsibility or issued ransom demands at the time of reporting. Technical teams were assessing potential collateral damage to church districts (Kirchenkreise), regional church offices (Kirchenämter), and local parishes (Kirchengemeinden) across Lower Saxony.
The attack did not affect the concurrently running online church council elections (Kirchenvorstandswahl), as election infrastructure and voter data resided exclusively on external service provider servers. Similarly uncompromised were subscriber databases for a new election-related newsletter managed through separate external systems. Duration of system outages remained undetermined as of February 19, with recovery timelines unspecified and updates directed to the church’s official website. While core administrative functions faced paralysis, the containment strategy of isolating compromised systems prevented identified lateral movement into election infrastructure. Forensic investigations continued to determine intrusion vectors, data exfiltration scope, and potential regional service interruptions beyond the confirmed Hannover-based institutions.