For more than two weeks, authorities in Austria have been trying to deal with a massive security breach of government systems in the state of Carinthia.
The primary victims seem to be foreigners, as the data leaked from departments that deal with immigration and citizenship issues.
The state's IT systems were first breached through a relatively simple phishing attack, in which a hacker creates a fake email or webpage that appears to be official communication and asks the victim to click on a link.
The malware entered the system and encrypted data, and the group responsible, known as Black Cat, is now demanding a ransom to give authorities back access to precious information.
Additionally, several consecutive attacks have blocked services and taken official websites offline – though most of these have been restored.
The main issue now is that the hackers are threatening Austrian authorities with leaking data from thousands of residents online. Some private information has already been revealed.
What kind of data do they have?
It has been difficult to ascertain how widespread the attack is, as the local government hasn’t been fully transparent. At first, they denied an attack, then they said the data breach concerned “only” public servants.
However, media reports have shown that entire files had actually been published online, including ID cards, passports, and corona test results from residents in Carinthia, a state in the south of Austria home to more than 560,000 people.
The group that seems to be most affected is some 80,000 foreigners who have been granted a residence permit in the state since 1999, state spokesperson Gerd Kurath told a press conference.
“Data was read, but whether it was also stolen is still unclear”, he said.
The hacker group also gained access to event management services, possibly retrieving data, including contact details and payment information from over 4,000 people and companies.
Finally, they also have government correspondence, including from the office of the governor Peter Kaiser (SPÖ).
What will they do with the information?
Ransomware works much like a hostage situation, except that criminals hold information instead of people. The group has blocked access to the information and is demanding $5 million as a ransom payment, which the government says it won’t pay.
They threaten to leak the data if the payment is not made. Still, it is unclear how much of the blocked information they can retrieve from government sites and leak.
If they do sell or publish data, people could have their identities stolen. The government says that if citizens become victims of identity theft, they will be informed about it.
What can I do now?
The state of Carinthia has set up an information hotline available every day from 8 am to 12:30 pm. People can call the line at 050 536 53003. However, no personal information, such as whether or not your own data has leaked, will be given at this moment.
At the moment, there is not much else people can do, data protection specialist Thomas Lohninger told Der Standard.
Austria is not well prepared in terms of IT security, he says. The country needs to invest more in preventing attacks, according to the specialist. “This includes a secure architecture and training employees”.
Most cyberattacks, including this one, start with human error – clicking on a wrong link – and proper training is essential to prevent them.
Private citizens should also refrain from sharing personal information online as much as possible – of course, that is impossible when sharing information with public authorities.
“It does not help that there is no risk of a penalty for the loss of personal data for the public sector”, Lohninger adds.