Cyber Incident Victim: Hochsauerland-Energie
Date: Sep 2023
Location: Germany
Summary
A cyberattack involving malware targeted Hochsauerlandwasser and Hochsauerland-Energie, compromising parts of their IT infrastructure and forcing a temporary shutdown of systems for security reasons. Customer service portals, billing systems, and financial operations were disrupted, with full restoration pending forensic verification to ensure malware eradication. While customer data theft remains unconfirmed, the utilities confirmed no disruption to water, electricity, or gas supply services. The attackers demanded ransom, but the companies refused payment on principle, citing ethical and security concerns, and filed a criminal complaint. Customer inquiries were redirected to alternative channels, though service modifications like payment adjustments remained delayed until systems resumed normal operations.
Description
On or around September 29, 2023, Hochsauerlandwasser GmbH (HSW) and HochsauerlandEnergie GmbH (HE), municipal utility providers in Germany’s Hochsauerland region, suffered a cyberattack involving malware infiltration. Attackers compromised segments of the companies’ IT infrastructure, forcing an immediate shutdown of affected systems for security reasons. The infection disrupted customer-facing services, including online portals, billing systems, and financial operations. While core utility services—water, electricity, and gas delivery—remained uninterrupted, customer service portals (www.hochsauerlandwasser.de and www.hochsauerlandenergie.de), payment processing, and contract management tools became unavailable. HSW and HE initiated a forensic investigation to identify the malware’s scope and ensure its eradication, prioritizing system security over rapid restoration.

The companies confirmed no ransom payment was made, rejecting the attackers’ demands on ethical grounds and because of operational uncertainty. Christoph Rosenau, managing director, emphasized that capitulating would incentivize further criminal activity. Service limitations persisted for several days post-attack, delaying October’s scheduled utility payments and preventing adjustments to billing or contracts. Customers could still submit inquiries via phone, email, or in-person visits to service centers in Bestwig, Bigge, and Meschede-Enste, though requests required manual processing until systems were fully restored. HSW and HE filed a criminal complaint against the perpetrators but disclosed no attribution details. The incident highlighted operational vulnerabilities in administrative and financial systems while underscoring the resilience of physical utility infrastructure. Forensic reviews and IT recovery efforts dominated the response, with no public evidence confirming data exfiltration or permanent service damage.
