DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CZ: Three weeks after ransomware attack, Olomouc continues to recover while still being threatened by threat actors

Posted on April 28, 2021 by chum1ng0

On April 9, DataBreaches.net noted a report that the municipality f Olomouc had suffered a cyber attack on April 7. There were almost no details other than the municipality estimated it might take two weeks to fully restore services. Since then, a few more details have emerged.

We now know that it was the Avaddon threat actors who were responsible for the attack. They added Olomouc to their dedicated .onion leak site with a typical threatening message about what would happen if Olomouc did not pay their demand.

Threat actors list Olomouc on leak site
Screencap by DataBreaches.net

As proof of access and exfiltration, the threat actors posted some files allegedly exfiltrated from Olomouc’s server. Because we cannot translate images of scanned docs in another language, we are not posting any of them here lest they contain any personal information.

In any event, based on what happened next, it seems clear that Olomouc did not pay what NewsWep reports was a $100,000 demand for the decryption key (although other sources indicate that the ransom demand was considerably higher).  Reportedly in revenge, Avaddon threat actors began a DDoS attack on the municipality and has given them another 5-day deadline to comply (pay) or all files that they claim to possess will be dumped.

Avaddon has a history of using DDoS attacks in combination with their ransomware attacks to put additional pressure on victims to pay them.  At the time of this publication, the olomouc.cz site is online.

On April 27, Olomouc issued the following notice (translated):

Two and a half weeks after the start of the cyber attack, the services of almost all municipal agendas are available to the public. The exception is the Trade Licensing Office, but intensive work is being done to put its agenda into operation. Over the weekend, the same hacker group targeted attacks on the city’s public Web sites, causing complications on the city’s Web sites, which were shut down as a precaution after administrators promptly identified the attack.

All agendas of the City of Olomouc, with the exception of the trade department, are already in operation this week. So nowhere does a citizen come across an announcement that this or that agenda is not working. “In the case of some departments, such as property law, construction, environment, transport or local greenery and waste management, software support is not yet fully implemented. Folta. At the same time, IT specialists are working to make the operation of the municipal digital infrastructure and all special applications better, faster and, of course, safer every day.

There was also an attack on the city’s website over the weekend , when the same hacking group targeted attacks on web servers in order to eliminate their availability. “The IT team quickly detected the attack, took countermeasures, and shut down the servers as a precaution. Web portals will be limited in terms of functionality for now. it is a city for the restoration of infrastructure on its own, without the city paying the required ransom to the attackers, “Folta added.

Previous coverage by the municipality can be found here:

  • April 21 /  Municipality after cyber attack: some agendas now run in trial mode
  • April 17 /  Renewal of the municipal data network continues. The city encountered a wave of solidarity after the cyber attack
  • April 13 /  Hacker attack on the town hall: the million-dollar ransom city will not pay, the agenda will be fully renewed within two weeks
  • April 9 /  City Hall after the cyber attack: What works and what is still out of order?
  • April 7 /  The city network is paralyzed by a cyber attack. All municipal agendas remain out of order

Reporting by Chum1ng0. Additional reporting and editing by Dissent

 

 

 

 

 

in summary 17 days ago we had talked about this news that the municipality of Olomouc.eu was being attacked by a ransomware, this update wants to tell you who is behind the attack, the municipality is being extorted by the well known avaddon group, on their offer page they have 7 days left to pay the ransom, otherwise there would be exfiltrated information, meanwhile the page is down due to a DDoS attack.

 

Related posts:

  • Who is on TEKsystems Intel Leak
  • Operation PayBack Time Line
  • It: Union of Comuni Colli del Monferrato, cyber attack: hackers publish data
  • The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
Category: Breach IncidentsGovernment SectorMalwareNon-U.S.

Post navigation

← Maine government website displayed mental health patients’ confidential information
Cancer patients in the State of Washington had their sensitive records hacked and dumped. Have they been notified? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.