The personal details of over 6,200 residents of the Swiss town of Rolle were stolen after a ransomware attack. The incident occurred when the town’s administrative servers were compromised and sensitive documents exfiltrated. Later the files were published on the dark web.
At first, the town’s government tried to downplay the incident, claiming that only a small amount of data was stolen and that the data had been restored from backups.
Administrative chief Monique Choulat Pugnale told the Swiss daily 24 that only the town’s email servers were affected by the attack, and that they “did not contain any sensitive municipal data.”
The attack was carried out by the Vice Society ransomware group, which hit Lake Geneva communities.
“Gigabytes of data stolen from Rolle’s vaudois community and posted on darknet. But the city administration presumably knew nothing,” reported the website Remonews. “The community of Rolle VD, idyllically located on Lake Geneva, was hit by a massive data leak. The criminals have posted internal and confidential documents on Darknet, as research by Watson shows.”
The attack was discovered on May 30. According to the Le Temps daily, the documents stolen in the attack were very sensitive and could have been used by the attacker to target specific individuals. Experts described them as “extraordinarily sensitive.”
The representatives of the Rolle city council admitted that they “underestimated the seriousness of the attack” and that their data was vulnerable to exploitation. The town had set up a special committee to handle the incident.
It is not clear which kinds of data were compromised by the attackers. According to local media reports, the attackers obtained names, addresses, dates of birth, social security numbers and details on residency permits for non-Swiss nationals. According to a Le Temps daily report, the stolen data also included school records and information about children who contracted Covid-19.
Vice Society is considered to be a variant of the HelloKitty ransomware that targets mainly Windows and Linux systems.
The gang behind it mainly targets private school districts and other educational institutions. It carries out its operations through a double extortion model. The group was recently involved in attacks against Windows servers exploiting the PrintNightmare vulnerability.