Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management
Carinthia, Austria Approves Ransomware Recovery Plans
500,000 Euros Budgeted to Restore Affected Systems, Boost CybersecurityIn the aftermath of the BlackCat ransomware attack on May 24, 2022, that "severely affected" government services in Carinthia, Austria, the state has set aside a budget of 500,000 euros to restore services and boost its cybersecurity.
See Also: Preparing for New Cybersecurity Reporting Requirements
The budget was approved in a government meeting held on Tuesday, Peter Kaiser, the governor of Carinthia, said in a press briefing.
Kaiser also said that Carinthia would not meet the hackers' ransom demands.
While Kaiser did not elaborate on details of the budget allocations in the press conference, the minutes of the Carinthian government meeting, reviewed by Information Security Media Group, show that the funds will help with the procurement of a new "firewall system," as part of an immediate post-attack measure.
"According to the rules of procedure of the Carinthian state government, the basic approval for the already planned procurement of a Palo Alto firewall with a total amount of around 305,000 Euros as well as the order for a Rapid Response Service to the company NET-Solutions & EDV-Service GmbH that amounts to around 195,000 Euros - with some miscellaneous necessary expenditure has been approved," the minutes of the government meeting say.
Rebooting Amid Maximum Security
Tuesday's statement about the state's post-attack measures says that damage repairs, research, system restoration and "the forensic determination of the perpetrators have been going on for days," and Kaiser says: "Due to the permanent backup, which is carried out daily in the state administration, hardly any data has been lost due to the hacker attack."
He adds that the State's Constitutional Service and the State Criminal Police Office have been involved in the investigation from the start.
Kaiser says, "In any case, safety comes before speed, so as not to overlook anything, in order to be able to start up safely."
While the full restoration may take a while, he says that all those systems involved in disbursing social benefits will be a priority. The state's press service had reported that the system failures brought on by the attack delayed payment of basic services.
In a Wednesday statement, Gerd Kurath, head of the state press service, says that the state's electronic data processing system, which was affected by the attack, is functional again, allowing the issuance of passports to resume. "Appointments that had to be cancelled will be made up by the district authorities as soon as possible. Work is still underway to start up the telephone exchange," the statement says.
The state website, ktn[.]gv[.]at, which had been pulled offline as a security measure, is also expected to be restored soon. "Our homepage ktn.gv.at is also to be activated again in the course of the day," Kurath said on Wednesday.
Although there is no evidence yet of data being stolen during the attack, Kurath says an investigation is ongoing. "It is still not possible to prove whether the hacker group "Black Cat" actually obtained data. The investigations in cooperation with the police and the State Office for the Protection of the Constitution and Counter-Terrorism continue to run at full speed," Wednesday's statement says.
"We continue to ask for patience [as] it is important to start with secured applications first, in order to prevent further attacks," Kurath adds.
This is a developing story.