Forensics: Carinthia blackmailers got in via phishing mail

Forensics: Carinthia blackmailers got in via phishing mail

The Austrian state of Carinthia made headlines in May this year when it fell victim to a ransomware attack. In the meanwhile, the forensic investigations have been concluded. Once again, it was a phishing email that paved the way for the hackers.

According to a report on “Futurezone”, the “Black Cat” ransomware gang already sent the phishing mail back in April and gained access to at least 250 gigabytes of data. Part of this data was later made public after Carinthia refused to pay the digital ransom demanded by the attackers. Some data may also have been sold on the darknet.

The forensic analysis was carried out by an external consultant, who came to the conclusion that the attackers had access to only one file server. “Closed systems” containing sensitive data were not compromised at any stage – although one might actually expect “invoices, COVID test results and emails from state governor Peter Kaiser (SPÖ) and other government officials” to be considered sensitive enough.

By the way, the Carinthian IT systems are still not fully operational. Only 100 of the state’s 124 systems were functioning properly last Friday, according to the state press office.

This incident again underscores that nowadays safeguarding the organization’s email communication and providing email security awareness training for staff need to be considered fundamental, essential aspects of any IT security strategy. Part of their comprehensive Email Security portfolio, Retarus’ Secure Email Platform includes a powerful phishing filter, while its gateway concept means that the service can be employed both independently or as a highly effective complement to the security functions offered by packages such as Microsoft 365 or Google Workplace.

Find out more on our website or directly from your local Retarus representative.

Tags:

Submit a Comment

Your email address will not be published.