Article Details

Hessen Consumer Center says systems encrypted by ransomware. The story has been updated to clarify that the Hesse Consumer Center is not part of the government. The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems and disrupting the availability of its consumer advice center. Hessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest metropolitan area and a major financial center. The Hessen Consumer Center is an organization that provides unbiased and neutral advice to the residents of Hesse about consumer law, telephone and internet, finance and insurance, energy saving, health and care, food and nutrition.  An announcement published yesterday on the organization's online portal says telephone and email communications have been impacted due to a cyberattack that occurred on Thursday, February 22. "Early on Thursday morning, there was an attack on the IT infrastructure at the Hessen Consumer Center," reads the announcement. (machine translated) "As a result, the Hessen Consumer Center could not be reached by telephone for a short time on Friday." Although the communication disruptions have been mostly addressed, and the website is fully operational, people continue to have trouble reaching the consumer advice center and consumer advocates. External IT security experts aid the organization's efforts to restore the availability of all communication channels in the impacted advice centers, but an estimate for a return to normal operations has not been given at this time. The more worrying aspect of the cyberattack is the possibility of a data breach that could have impacted Hessen citizens who have contacted the advice center. Ransomware actors often steal data from compromised networks before proceeding with the encryption step to use as leverage in the ensuing extortion phase. The advice center declared that they are in no position to determine whether any data had been stolen at this stage of the investigation but will inform affected individuals if and when a personal data compromise is confirmed. Hesse's consumer advice center clarified that it strives to store the minimum possible amount of data on its servers as part of its commitment to data protection. However, it did not mention what data types it holds. The state's data protection and IT security offices have been informed about the cybersecurity incident, and a criminal complaint has been filed with the Hessen police. By the time of writing this, none of the major ransomware operations had taken responsibility for last week's attack on the organization.