Cyber Incident Victim: Höhere Technische Bundeslehr- und Versuchsanstalt St. Pölten
Date: Apr 2022
Location: Austria
Summary
A ransomware attack using the "Black Cat" Trojan targeted Höhere Technische Bundeslehr- und Versuchsanstalt St. Pölten, encrypting educational materials like school books but failing to compromise sensitive student data, grades, or critical systems due to layered security defenses. The institution's IT specialists swiftly detected the intrusion, initiated an investigation, and filed a police report while confirming no disruption to major examinations. Attackers, suspected to be foreign-based, accessed only non-critical content, but the incident required reconfiguration of approximately 1,100 computers across the network.
Description
On or around April 1, 2022, unidentified hackers deployed the "Black Cat" cryptotrojan against Höhere Technische Bundeslehr- und Versuchsanstalt St. Pölten (HTL St. Pölten) in Austria. The attackers infiltrated the school's network and successfully encrypted pedagogical materials, specifically Schulbücher (schoolbooks) used for educational purposes. The institution's layered cybersecurity defenses prevented broader compromise, protecting sensitive areas including student data, grades, and administrative systems through additional antivirus protections. The attack was rapidly detected by the school's internal IT specialists, who contained the intrusion before critical infrastructure could be affected. While the hackers accessed non-sensitive systems, they were unable to exfiltrate or encrypt protected data repositories.

HTL St. Pölten's incident response required the reinstallation of software on 1,100 affected computers to eliminate residual threats, though the process did not endanger academic operations such as the Matura (final exams). Director Martin Pfeffel filed a formal criminal complaint with authorities, but the investigation yielded no immediate attribution beyond the suspicion that the hacking group was foreign-based. No ransom payment demands or communication with the attackers were disclosed in available reports. The encryption of pedagogical materials caused temporary disruption to teaching resources, but core educational functions remained operational throughout the incident. Forensic analysis confirmed that the attackers gained no persistent access to secured network segments after initial detection.
