Socialpost

Complete News World

Investigation success – a group of perpetrators of the cyber attack on Korneuburg have been identified

Investigation success – a group of perpetrators of the cyber attack on Korneuburg have been identified

The international hacking group “Lockbit” is behind the cyber attack on the municipality of Korneuburg. Interior Minister Gerhard Karner and City Mayor Christian Gibb announced this information on Tuesday afternoon at a press conference in Korneuburg City Hall. The network of cybercriminals and extortionists was dismantled on Monday evening by international authorities led by Britain's National Crime Agency (NCA).

As Karner reported, two people were arrested, one in Ukraine and the other in Poland. The notorious group, which has been operating for about four years, no longer controls at least part of its infrastructure. “The servers have been shut down,” Karner said, saying investigators have essentially turned the tables in the battle against cybercriminals.

The truth is that the municipality was attacked by “Lockbit” malware. As reported, the perpetrators encrypted all data. “Now there's an opportunity to reconstruct the data again,” Carner says. In any case, the findings of the Korneuburg case have been incorporated into the investigative work.

Data from January 28 to February 2 is now gone

As a reminder: On the night of February 6, the city's IT expert noticed anomalies and pulled the plug. The hackers had likely already been on the municipal network for three days – “weekend workers,” as city mayor Christian Gibb described them. Two-thirds of servers and computers are now back up and running thanks to external data backup. Data from January 28 to February 2 is currently unrecoverable and still encrypted.

However, by beating the criminals, experts know the method and, at best, can provide the appropriate decryption tools.

The city mayor confirms the ransom demand

It is not yet known who exactly is behind the attack on the municipality. Because Lockbit is the parent company that makes its malware available to various affiliates, which then encrypt the data and demand a ransom for releasing it. Gibb confirmed the ransom demand to the municipality during the press conference. He did not want to mention the amount for tactical reasons.

A cyber attack primarily costs the city's human resources. “Staff have to work overtime,” Gibb explains, giving an example: “All kindergarten registrations are now done via email.” He says it will take months before normal operations can take place.