Cyber Incident Victim: Berufsbildungszentrum des Kantons Schaffhausen
Date: Oct 2024
Location: Switzerland
Summary
A vocational training center in Schaffhausen experienced a ransomware attack targeting its servers, exploiting a firewall vulnerability. The incident encrypted systems and blocked access, with attackers demanding payment, which the institution refused. Immediate response measures involved internal and external IT experts, collaboration with police, and notifications to federal cybersecurity authorities and the cantonal data protection office. While the attack disrupted IT infrastructure, educational activities resumed normally following the autumn break. Ongoing forensic analyses aim to determine potential data exfiltration and restore system functionality, alongside implementing enhanced security protocols to prevent future incidents.
Description
On October 2, 2024, the Berufsbildungszentrum des Kantons Schaffhausen (BBZ) experienced a cyberattack involving encryption malware deployed on its servers. The attackers exploited a security vulnerability in the institution's firewall, gaining unauthorized access to multiple systems and issuing a ransom demand. The incident was detected on October 3, 2024, prompting immediate collaboration between BBZ's internal IT staff, external cybersecurity specialists, and cantonal administration experts to contain the breach. Technical measures were implemented to isolate affected systems and prevent further compromise, with coordination from the Schaffhausen cantonal police. Authorities including the Federal Office for Cybersecurity and the cantonal data protection officer were notified, and a formal police report was filed. The attackers' financial demands were not acknowledged or fulfilled by the institution. While the BBZ's infrastructure was compromised, the broader IT systems of the Canton of Schaffhausen remained unaffected. Educational operations resumed as scheduled following the autumn break, with no disruption to classroom activities.

Response teams prioritized securing systems and initiating forensic analysis to determine the attack's scope and potential data exfiltration. Specialists worked to restore encrypted data and rebuild compromised infrastructure while maintaining operational continuity. Ongoing investigations focused on identifying the extent of system access, data integrity impacts, and methods to strengthen defenses against future incidents. The BBZ communicated directly with staff, students, parents, and apprenticeship providers through official channels, including a dedicated helpline and website updates. A public statement from the cantonal education department was scheduled for October 21, 2024, to address broader community concerns. System recovery and vulnerability remediation efforts remained active as of the latest available reporting, with no confirmed timeline for full resolution. The institution acknowledged operational inconveniences resulting from the attack but maintained its commitment to data security throughout the response process.
