Ransomware Attack on Swiss City Exposed Citizens' Data
Rolle Officials Say They 'Underestimated the Severity' of Attack
Local officials with the city of Rolle, located near Lake Geneva in Switzerland, have acknowledged that they initially misjudged the impact of a recent ransomware attack that reportedly led to the leak of residents' data on the darknet.
Monique Choulat Pugnale, the administrative chief of Rolle, initially downplayed the impact, saying in a statement given to news agency 24 heures that it had been a "weak attack."
But after the Swiss news agency Watson reported that cybercriminals had posted a large number of confidential documents from the leak on a darknet extortion site, officials acknowledged last week that they had "underestimated the severity" of the incident.
The city issued a press release Aug. 25 saying it "regrets having underestimated the seriousness of the attack, the potential misuse of data and the importance of transparency for the population of Rolle. The administration recognizes with humility a certain naivete towards the stakes," according to Swiss news agency Le Temps.
The release of the data is the work of a ransomware gang known as Vice Society, according to the Watson report, which cited the work of an independent security researcher who worked with the publication and analyzed the data posted on the darknet.
Rolle has a population of just over 6,200, according to a December 2019 report, and it appears that the majority of the city's citizens have had their data exposed, according to Watson. This includes evaluation reports of municipality employees, the tax records of citizens and a multinational company, student records and notes from a local university, the Outlook mailboxes of the former mayor and the head of administration as well as documents related to the financial planning of the town.
Rolle is also a hub for some tech firms, as Yahoo and Cisco have offices in the city, according to an article in Le Temps.
In the statement provided to 24 heures, Choulat Pugnale confirmed the municipality had been hit by a ransomware attack but did not pay the attackers.
The city discovered the malicious attack on May 30, and it took 10 days for the systems to be fully restored, Choulat Pugnale said. The restoration was done from data backups with assistance from the Swiss federal government and an unnamed cyber company.
While relatively new, Vice Society has adopted a common double-extortion technique to target victims. Once the ransomware gang has encrypted files and systems, it then exfiltrates sensitive data and threatens to publish the information unless the victim pays the ransom, according to researchers (see: 7 Emerging Ransomware Groups Practicing Double Extortion).
The Vice Society ransomware gang appears to have used similar techniques earlier this month against Indianapolis, Indiana-based Eskenazi Health, which operates a public healthcare system in the U.S. (see: After Ransomware Attack, When Must Patients Be Notified?).
In addition, Cisco Talos researchers published a report earlier this month, noting that the Vice Society ransomware gang was also now one of several groups looking to exploit PrintNightmare, a series of remote code execution vulnerabilities affecting Windows Print Spooler - which enables devices to communicate with printers - as well as other printing features found in various versions of the Windows operating system (see: Ransomware Gangs Try to Exploit 'PrintNightmare' Flaws).