Extent of the attack

In an unprecedented wave of digital attacks, numerous cities and districts in North Rhine-Westphalia (NRW) became the target of hacker attacks in the early hours of Monday morning on the last day of October 2023. The municipal IT service provider Südwestfalen IT, which supports over 70 customers, was hit by an attack at 1.01 a.m., which primarily paralyzed online communication and, in some cases, telephone connections. The exact number of offices affected is still uncertain, but it appears that almost all towns and municipalities in the Märkischer Kreis, Olpe, Siegen and Soest have been affected.

Investigations and emergency measures

The Central and Contact Point Cybercrime (ZAC NRW) at the public prosecutor's office in Cologne immediately launched an investigation. In Siegen, it was communicated via the X news service that the administrations, including the Siegen-Wittgenstein district administration and the municipal administrations in the region, cannot be reached until further notice. As a temporary solution, information desks have been set up in the town halls for urgent matters.

Disruptions in citizen service

Various administrative services are experiencing a standstill. A spokesperson from Soest reported that the district administration is currently not operational, which is restricting the processing of citizens' inquiries. The affected areas include the vehicle registration offices and the immigration authorities. Even though emails can be received in some cases, it was not possible to send them to the outside world. Citizens were advised to confirm their appointment by telephone before visiting the offices.

In the Hochsauerland district, a complete shutdown was reported and appointments at municipal facilities should not be made as the town halls are closed. Plettenberg communicated via Instagram that appointments cannot take place until Wednesday and asked citizens to postpone existing appointments.

Partially functioning services

Some towns, such as Werdohl, were only partially affected, with telephone services still accessible, while email traffic had to be suspended. Employees were able to work to a very limited extent as long as they did not require any data stored on the Südwestfalen IT servers. The Herscheid municipal administration was also affected, with limited services in the town hall.

Data protection concerns

The city of Recklinghausen assures that so far there are no indications that personal data has been compromised. Meanwhile, there is great uncertainty as to whether a known Russian cybercrime group is behind the attacks or whether ransom demands are being made for the release of data.