Cyber Incident Victim: Gemeinde Zollikofen

On November 22, 2023, the municipal administration of Zollikofen in the Canton of Bern, Switzerland, experienced a disruptive ransomware attack that compromised its operational capabilities. Attackers successfully encrypted municipal data, forcing the immediate shutdown of all ICT systems as a containment measure. This action rendered critical digital services inoperable and severed standard communication channels, leaving employees unreachable by email or telephone. The systemic outage disrupted routine administrative functions and public service delivery, though the specific departments or services affected beyond general communications were not detailed in available reports. Municipal authorities initiated an investigation into the incident with assistance from an external cybersecurity service provider, though the identity of this provider and the ransomware variant involved remain unspecified. No evidence of data exfiltration or ransom demands was disclosed in initial reports.

The attack caused sustained operational paralysis, with no immediate timeline provided for restoring systems or services. The shutdown of telephony infrastructure compounded the disruption, limiting both internal coordination and public access to municipal offices. While financial losses or data compromise were not quantified, the incident highlighted vulnerabilities in the municipality’s digital infrastructure during a period of heightened cyber risks acknowledged by Swiss regional authorities. The investigation remained ongoing, focusing on forensic analysis of encrypted systems and mitigation of further risks. No attribution to specific threat actors or details regarding initial attack vectors were publicly confirmed at the time of reporting.