City of Novi Sad

The City of Novi Sad is a municipal government entity headquartered in Serbia, responsible for the administration and delivery of public services to its residents. As a local authority, it oversees essential civic functions and infrastructure, with its operations supported by information technology systems for administrative processes, data management, and service delivery. The city's reliance on digital networks is inherent to modern municipal governance, facilitating tasks from record-keeping to the coordination of public utilities. Its role is defined by statutory obligations to the community, managing resources and implementing policies within its jurisdiction. The scale of its operations, while not quantified in available materials, is consistent with a significant urban center serving a substantial population. The city's IT environment, like many public sector organizations, represents a critical component of its functional capacity, enabling continuity in everyday governance and citizen engagement.

In March 2020, the City of Novi Sad experienced a severe cybersecurity incident when its network was compromised by the PwndLocker ransomware group. The attack involved the encryption of the city's digital files and the exfiltration of sensitive data, with attackers demanding a Bitcoin ransom paid through a Tor-based portal while threatening to publish the stolen information. The ransomware payload actively disrupted the city's operations by disabling critical Windows services, terminating processes associated with security software and backup solutions, and deleting Shadow Volume Copies to eliminate recovery options. Specific file types and system directories were deliberately excluded from encryption, while affected files received extensions such as .key or .pwnd. Ransom notes placed on compromised systems directed victims to contact the attackers via designated channels, cautioning against third-party decryption efforts and asserting the attackers' exclusive control over decryption keys. The immediate operational impact included the incapacitation of backup systems and database services, hindering the city's ability to restore normal functions and illustrating the profound vulnerability of its technological infrastructure to sophisticated criminal tactics.