{"id":7659,"date":"2022-07-12T17:13:19","date_gmt":"2022-07-12T15:13:19","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/forensics-carinthia-blackmailers-got-in-via-phishing-mail"},"modified":"2024-05-07T11:20:26","modified_gmt":"2024-05-07T09:20:26","slug":"forensics-carinthia-blackmailers-got-in-via-phishing-mail","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/forensics-carinthia-blackmailers-got-in-via-phishing-mail\/","title":{"rendered":"Forensics: Carinthia blackmailers got in via phishing mail"},"content":{"rendered":"\n<p>The Austrian state of Carinthia made headlines in May this year when it fell victim to a ransomware attack. In the meanwhile, the forensic investigations have been concluded. Once again, it was a phishing email that paved the way for the hackers.<\/p>\n\n\n\n<p>According to a <a href=\"https:\/\/futurezone.at\/digital-life\/hackerangriff-auf-kaernten-cyberattacke-daten-phishing-black-cat\/402068170\">report on \u201cFuturezone\u201d<\/a>, the \u201cBlack Cat\u201d ransomware gang already sent the phishing mail back in April and gained access to at least 250 gigabytes of data. Part of this data was later made public after Carinthia refused to pay the digital ransom demanded by the attackers. Some data may also have been sold on the darknet.<\/p>\n\n\n\n<p>The forensic analysis was carried out by an external consultant, who came to the conclusion that the attackers had access to only one file server. \u201cClosed systems\u201d containing sensitive data were not compromised at any stage \u2013 although one might actually expect \u201cinvoices, COVID test results and emails from state governor Peter Kaiser (SP\u00d6) and other government officials\u201d to be considered sensitive enough.<\/p>\n\n\n\n<p>By the way, the <a href=\"https:\/\/www.ktn.gv.at\/\">Carinthian<\/a> IT systems are still not fully operational. Only 100 of the state\u2019s 124 systems were functioning properly last Friday, according to the state press office.<\/p>\n\n\n\n<p>This incident again underscores that nowadays safeguarding the organization\u2019s email communication and providing email security awareness training for staff need to be considered fundamental, essential aspects of any IT security strategy. Part of their comprehensive <a href=\"https:\/\/www.retarus.com\/services\/email-security\/\">Email Security<\/a> portfolio, Retarus\u2019\u00a0<a href=\"https:\/\/www.retarus.com\/secure-email-platform\/\">Secure Email Platform<\/a>\u00a0includes a powerful phishing filter, while its gateway concept means that the service can be employed both independently or as a highly effective complement to the security functions offered by packages such as Microsoft 365 or Google Workplace.<\/p>\n\n\n\n<p>Find out more on our website or directly from your <a href=\"https:\/\/www.retarus.com\/contact\/\">local Retarus representative<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Austrian state of Carinthia made headlines earlier this year when it fell victim to a ransomware attack. In the meanwhile, the forensic investigations have been concluded. Once again, it was a phishing email that paved the way for the hackers.<\/p>\n","protected":false},"author":14,"featured_media":9993,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[24],"dipi_cpt_category":[],"class_list":["post-7659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-phishing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.7 (Yoast SEO v24.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Forensics: Carinthia blackmailers got in via phishing mail - Retarus Corporate Blog - EN<\/title>\n<meta name=\"description\" content=\"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Forensics: Carinthia blackmailers got in via phishing mail\" \/>\n<meta property=\"og:description\" content=\"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-12T15:13:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:20:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/\",\"name\":\"Forensics: Carinthia blackmailers got in via phishing mail - Retarus Corporate Blog - EN\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg\",\"datePublished\":\"2022-07-12T15:13:19+00:00\",\"dateModified\":\"2024-05-07T09:20:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Phishing Zugangsdaten Credentials\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Forensics: Carinthia blackmailers got in via phishing mail\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Forensics: Carinthia blackmailers got in via phishing mail - Retarus Corporate Blog - EN","description":"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/","og_locale":"en_US","og_type":"article","og_title":"Forensics: Carinthia blackmailers got in via phishing mail","og_description":"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.","og_url":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2022-07-12T15:13:19+00:00","article_modified_time":"2024-05-07T09:20:26+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/","url":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/","name":"Forensics: Carinthia blackmailers got in via phishing mail - Retarus Corporate Blog - EN","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg","datePublished":"2022-07-12T15:13:19+00:00","dateModified":"2024-05-07T09:20:26+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Das \u00f6sterreichische Bundesland K\u00e4rnten machte im Mai damit Schlagzeilen, dass es sich Ransomware eingefangen hatte. Inzwischen ist die Forensik des Angriffs abgeschlossen. Wieder einmal war es eine Phishing-E-Mail, die den Hackern T\u00fcr und Tor \u00f6ffnete.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_153175439.jpg","width":1920,"height":1080,"caption":"Phishing Zugangsdaten Credentials"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/forensik-kaernten-erpresser-kamen-per-phishing-mail\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Forensics: Carinthia blackmailers got in via phishing mail"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=7659"}],"version-history":[{"count":9,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7659\/revisions"}],"predecessor-version":[{"id":10429,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7659\/revisions\/10429"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/9993"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=7659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=7659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=7659"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=7659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}