A ransomware gang has targeted the senior care operator of the city of Mönchengladbach with encrypted data, as reported by the Westdeutscher Rundfunk (WDR). The company, however, refuses to pay the demanded ransom.
Cybercriminals paralyzed the IT systems of the Mönchengladbach city subsidiary, Sozial-Holding, on Monday (March 17). This attack impacted both the company headquarters and the senior care homes operated by Sozial-Holding.
While the city stated that the care and support for the residents of the senior homes have not been affected, both the headquarters and the care homes are currently unreachable by phone or email.
The magnitude of the attack is described by CEO Helmut Wallrafen as “digitally incapacitated.” Servers have been encrypted, and employees no longer have access to data. According to the report, no personal data or care documentation has been stolen.
However, the Sozial-Holding website indicates that the perpetrators have stolen or manipulated data of residents, employees, and companies. This includes personal data, health and care information, employee data, access credentials, and company-related information. Sozial-Holding warns of the risk of unauthorized access to data leading to identity theft, phishing attacks, or fraud attempts.
The attack is believed to be carried out by a Russian hacker group demanding a ransom of approximately 100,000 euros and threatening to release the data on the Darknet. Despite this, the company has refused to pay the ransom and has reported the incident to the police. The timeline for the restoration of the IT systems remains uncertain.
Sozial-Holding employs around 1,000 staff members and operates seven senior care homes with approximately 600 long-term care beds, as well as offering short-term care options. Additionally, the company provides daily meals to schools and delivers “Meals on Wheels” primarily to elderly customers throughout the city.
The impact of the ransomware attack on the Sozial-Holding organization underscores the growing threat of cybercrime targeting critical service providers. The refusal to pay the ransom aligns with recommendations from cybersecurity experts who advise against funding criminal activities and instead emphasize strengthening cybersecurity measures to prevent future attacks.
As authorities work to investigate the incident and restore the affected IT systems, it serves as a reminder for businesses and organizations to prioritize cybersecurity preparedness to mitigate the risks posed by ransomware and other cyber threats.