The international hacker group “Lockbit” is behind the cyber attack on the municipality of Korneuburg. Interior Minister Gerhard Karner and Mayor Christian Gepp announced this information on Tuesday afternoon at a press conference in Korneuburg town hall. The network of cybercriminals and blackmailers was dismantled on Monday night by international authorities led by the British National Crime Agency (NCA).
As Karner reported, there were two arrests – one in Ukraine and one in Poland. The notorious group, which has been operating for around four years, no longer has at least part of its infrastructure under control. “The servers were shut down,” Karner said, saying investigators had essentially turned the tables on the fight against cybercriminals.
The fact is that the municipality was attacked by the “Lockbit” malware. As reported, the perpetrators encrypted all data. “Now there is an opportunity to reconstruct the data again,” says Karner. In any case, the conclusions of the Korneuburg case are incorporated into the investigation work.
Data from January 28th to February 2nd is gone for now
Remember: on the night of February 6, the city's IT specialist noticed anomalies and shut down. The hackers had probably already been on the municipal network for three days – “weekend workers”, as Mayor Christian Gepp described them. Two-thirds of servers and PCs are back up and running thanks to external data backup. Data from January 28th to February 2nd is currently unrecoverable and is still encrypted.
However, when attacking criminals, experts know the method and at best can provide suitable decryption tools.
City chief confirms ransom demand
It is not yet known who exactly is behind the attack on the municipality. Because “Lockbit” is the parent company that makes its malicious software available to several subsidiaries, which then encrypt the data and demand a ransom for release. Gepp confirmed the ransom request to the municipality during a press conference. He did not want to mention the value for tactical reasons.
The cyber attack mainly costs the city's human resources. “Employees have to work overtime”, explains Gepp and gives an example: “Registrations for kindergarten are now all done by email”. It will still be months before normal operation is achieved, he says.