Following a cyber attack on the municipality of Rolle in the Swiss canton of Vaud, a number of sensitive data on residents and employees have been published on the darknet. The municipality had initially denied the attack, but ultimately admitted to having detected it at the end of May.
Data files on the darknet
The attack became public through the watson.ch platform. The news portal had come across the freely accessible data on the darknet and reported on it. Subsequently, several other media also found the apparently easily accessible data. These include registration data of the municipality’s residents, personal data of the municipality’s employees as well as evaluations of their performance, school reports from the municipality, documents on financial planning and the e-mail box of the former municipality president. Based on the documents found, Watson.ch assumes that the attackers had access to the municipality’s servers over a longer period of time and were able to repeatedly tap into data there.
The municipal administration initially stated to watson.ch that it had no knowledge of an attack on its digital infrastructure. However, when confronted with the publicly available data, the president of the municipality, Monique Choulat-Pugnale, finally admitted that such an attack had been noticed at the end of May. It had been a ransomware attack, presumably made possible by a vulnerability in the operating system used. The municipality did not pay a ransom, as it estimated that the attack was minor and that only emails were hacked that did not contain sensitive data. In addition, all data that had been encrypted during the attack had been restored from backups.
By all accounts, this process of recovery was not easy: it took ten days and was accomplished with the involvement of the federal computer emergency unit, the Vaud cantonal police and an IT company. Informing the public about the actual extent of the attack, which is now known, was not done for tactical reasons on the advice of IT experts, so as not to further increase the municipality’s vulnerability. In the meantime, the municipality has acknowledged a “certain naivety” in dealing with the incident and admitted to having underestimated the impact. A task force has been established to address the crisis, according to community sources.
Vice Society said to be behind attack
Watson.ch believes that the Vice Society group, which mainly attacks small and medium-sized businesses and public institutions, is behind the attack. It is said to have used the PrintNightmare vulnerability, a gap in the Windows printing system, to penetrate the community’s systems.