What happened in the Südwestfalen-IT (S-IT) security incident of 2023?
On 29 October 2023 the IT service provider Südwestfalen-IT was hit by a ransomware attack that encrypted data and crippled services for the German municipalities it served.
S-IT is an IT service provider for municipalities and administrations (Kommunen/Gemeinden). The attack encrypted data on its devices and then demanded a ransom to decrypt it — a classic ransomware extortion (sometimes including a threat to leak data). The provider engaged an external incident-response team and applied mitigation and recovery measures, but restoration took several months and was not fully complete even afterwards. The total damage could not be conclusively estimated and had to be borne by the affected municipalities. A published forensic report later made the case a useful teaching example.
Go deeper:
Cyberangriff auf die Südwestfalen-IT 2023 (KommunalWiki) — Akira-Ransomware, ~72 Kommunen betroffen, monatelange Wiederherstellung, forensische Befunde (fehlende MFA).