Cyber Incident Victim: Kommunität Diakonissenhaus Riehen
Date:
Sep 2022
Location:
Switzerland
Summary
A ransomware attack by the LockBit group disrupted IT operations at a Swiss religious community and healthcare facility, causing loss of access to servers, files, printers, and applications alongside a ransom demand. The organization disconnected affected systems, conducted offline scans, reset credentials, and restored services without ongoing IT impacts. Attackers subsequently leaked approximately 17GB of allegedly stolen operational documents including event plans, meeting protocols, and cafeteria orders, though initial reviews suggested no exposure of sensitive employee or pastoral care data. While the institution confirmed data theft occurred, specific compromised information remained undetermined during their investigation. Authorities were notified and a criminal complaint filed, with the incident highlighting LockBit's pattern of targeting vulnerable entities regardless of sector.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The LockBit ransomware group claimed responsibility for a cyberattack targeting Kommunität Diakonissenhaus Riehen, a 19th-century Protestant deaconess community in Basel-Stadt, Switzerland, with approximately 50 resident sisters and 80 employees. Initial public confirmation of the attack emerged on September 9, 2022, when LockBit listed the organization on its darknet platform. The attackers issued a ransom demand and established a September 19 deadline for payment, threatening to publish stolen data. Upon discovering the compromise, the community disconnected all PCs from the network, conducted offline scans of components, reset passwords, and initiated restoration of affected systems and data. Operational impacts included temporary loss of access to server shares, files, printers, and applications, though email services and public websites remained functional throughout the incident.
On September 19, 2022, following the expiration of the ransom deadline without payment, LockBit released a 17 GB data package allegedly containing stolen files. Analysis by journalists revealed the cache consisted primarily of operational documents including meeting protocols, event planning materials, cafeteria purchase orders, and administrative records dated through 2022. The organization confirmed no evidence of sensitive personnel records or spiritual counseling documentation appeared in the leaked data. Kommunität Diakonissenhaus Riehen filed criminal charges with law enforcement and notified relevant regulatory authorities, while maintaining uncertainty regarding the full scope of exfiltrated information. Restoration efforts successfully returned IT systems to normal operational status, though investigations into data theft specifics remained ongoing at the time of reporting. The incident exemplified LockBit's operational pattern of targeting entities with vulnerable infrastructure regardless of sector or organizational size.