At the end of May, the municipal administration of the tranquil town of Rolle in French-speaking Switzerland was the victim of a cyber attack. This became known to the public recently through research on the news portal watson.ch. The result of the attack: The data of all residents and other documents have been quite easy to find on the Darknet since mid-June, according to Watson.
Numerous sensitive data sets now in the Darknet
The news portal reports of a “massive data leak” and a “large amount of internal and confidential documents” that are accessible on the Darknet. Several media outlets investigated and found, in addition to detailed personal data on residents and those of community employees and companies, the Outlook mailboxes of the former mayor and the head of administration as well as documents relating to the community’s financial planning.
Even certificates with school grades from schoolchildren and information from children who were infected with the coronavirus can now be found on the Darknet. The annual assessments and comments can be seen from the community employees, writes the NZZ. Presumably, according to Watson, the criminals were able to access a server in the community for a long time and extract large amounts of data unnoticed.
The city council of Rolle initially claimed to Watson that it had no knowledge of a cyber attack, writes the news portal. Confronted by Watson with documents from the Darknet, the local government initially refused to comment. Then, last weekend, Mayor Monique Choulat-Pugnale finally admitted to the Vaud daily 24 heures that she had discovered a break in her IT systems at the end of May.
Mayor: “Minor attack”, no ransom paid
Cyber criminals entered the community’s computer network via ransomware attacks – presumably through a vulnerability in the operating system. The mayor stressed that the community had not paid a ransom. But it was only a “minor attack”. Only e-mails that contained “no sensitive data” were hacked, the president said. According to 24 heures, the mayor is also responsible for the IT systems of the community in Rolle. In a press release, the community finally announced that it had completely restored the data from current backups. But that was apparently difficult because the perpetrators had encrypted data on some administration servers and prevented access.
With the support of the Federal Computer Emergency Service (GovCERT), the Cantonal Police of Vaud and a specialized company, the IT systems were restored. However, this took ten days. Meanwhile, according to media reports, the community withheld the scope of the incident from the public – “on the advice of cybersecurity experts and in order not to increase the vulnerability of the community.”
Cyber criminals likely took advantage of “PrintNightmare” vulnerability
An IT specialist turned to Le Temps and reported that he had discovered an Excel spreadsheet on the Darknet with the sometimes sensitive data of 5393 residents of the community. The newspaper then exposed the full extent of the attack, thereby confirming the Watson article.
The Watson journalists attribute the attack to the cyber criminal group “Vice Society”, which, according to the IT security experts at Cisco Talos, specializes in attacks on small and medium-sized companies as well as on public institutions. The one used by the cyber criminals Ransomware is said to use the “PrintNightmare” vulnerability in the Windows printing system to have. Vice Society ransomware has been detected by experts since June and, according to their findings, is a variant of “HelloKitty” ransomware, which is also used for attacks on Windows and Linux IT systems, primarily for small to medium-sized targets.
“A certain naivete” admitted
Rolle local authority, which has filed criminal charges in the case, recently admitted it “underestimated the severity of the attack (and) the potential use of the data.” She admitted “with humility a certain naivety about what is at stake in dealing with the Darknet and malicious hacks” and said she had set up a task force to deal with the crisis. Yahoo and Nissan, among others, have their European headquarters in Rolle on Lake Geneva.