BR24 reports that a municipality in Bavaria has been hit by a trojan with a ransom demand (translation):
When Ernst Walter turns on his computer, he can hardly believe his eyes. The executive director of the Kammeltal municipality in the Günzburg district can no longer open anything: “Instead of normal files, there was only a salad of letters.”
[…] “Fortunately, no security-relevant data is affected, we have outsourced it,” says Mayor Thorsten Wick. But many documents, forms and also the templates for the official journal are gone.
How the malware was injected is not yet confirmed but an email attachment is suspected.
Read more on BR.
What will be of special note to American readers is a statement in the news report that while thousands of attempts are send to different email addresses, if they end up at a municipality, it is more likely by chance (because):
Most criminals know that authorities cannot be blackmailed, unlike any other target group.
They cannot be blackmailed? What does that mean? That they can’t pay or just that they won’t pay? Authorities/municipalities here in the U.S. are targeted frequently — and successfully, in many cases. Is there something municipalities do elsewhere that would be a strategy American municipalities should adopt? There was a time when some municipalities agreed not to pay ransom, but that does not seem to have been adhered to strictly.
The municipality issued a statement (translation):
The Kammeltal Township computer system was attacked by a Trojan on April 14, 2021. Unfortunately, all files were corrupted or formatted as a result.
All necessary documents for party traffic are no longer available. Personal data is not likely to be affected. It is not yet known if data recovery is possible.
Police investigations began immediately.
We ask for your understanding in the near future if the processing takes longer than usual.
Thanks for your understanding.
The type of malware has not been disclosed.
Reporting by @Chum1ng0. Additional commentary added by Dissent.