Cyber Incident Victim: Bjurholms kommun

Date: May 2024

Location: Sweden

Summary

Bjurholms kommun, a Swedish municipality in the government sector, experienced a severe ransomware attack by the RansomHub group, resulting in the theft of 100 GB of sensitive data and complete shutdowns of internal systems and external broadband services. The disruption caused significant operational challenges, with the Chief of Staff confirming the seriousness of the situation due to inaccessible critical infrastructure. RansomHub, operating as a Ransomware-as-a-Service provider, leverages Golang-based malware and typically targets entities across multiple countries. Government organizations are exposed to such attacks because they manage large volumes of confidential data and their employee base presents potential entry points.

Description

On May 30, 2024, the RansomHub ransomware group executed a cyberattack against Bjurholms kommun, a Swedish municipality in Västerbotten County with 201-500 employees. The attackers exfiltrated approximately 100 GB of data, forcing the shutdown of both internal systems and external broadband services. Chief of Staff Jimmy Johansson confirmed the severity of the incident, citing the complete loss of system access as critically disruptive to municipal operations. The attack paralyzed administrative functions, though specific departmental impacts were not detailed in available reports. RansomHub substantiated its claims by leaking portions of the stolen data, consistent with its operational pattern of validating attacks through evidence disclosure.

RansomHub operates as a Ransomware-as-a-Service (RaaS) entity, providing affiliates with ransomware strains written in Golang and retaining 10% of ransom payments while distributing 90% to attackers. The group has targeted organizations globally without discernible geographical focus, including entities in the US, Brazil, Indonesia, and Vietnam. Bjurholms kommun’s status as a government administration entity likely increased its attractiveness as a target due to the sensitivity of citizen data and essential public services. The municipality’s workforce size potentially expanded its attack surface, though specific vulnerabilities exploited were not disclosed. No ransom demands, payment status, or recovery timelines were publicly confirmed by municipal officials at the time of reporting.
