{
	"id": "04afcbac-4a80-491f-8833-4a93b8a0d5a7",
	"created_at": "2026-04-06T00:14:22.635193Z",
	"updated_at": "2026-04-10T03:29:39.995744Z",
	"deleted_at": null,
	"sha1_hash": "4a206342cb5c434f76917eb6a2eb53d5954f576e",
	"title": "Hessen Consumer Center says systems encrypted by ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3852147,
	"plain_text": "Hessen Consumer Center says systems encrypted by ransomware\r\nBy Bill Toulas\r\nPublished: 2024-02-27 · Archived: 2026-04-05 22:43:07 UTC\r\nThe story incorrectly stated that the Hessen state in Germany was attacked. The story has been updated to clarify that the\r\nHessen Consumer Center is not part of the government.\r\nThe Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and\r\ntemporarily disrupting its availability.\r\nHessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest\r\nmetropolitan area and a major financial center.\r\nThe Hessen Consumer Center is a non-profit organization that aims to provide unbiased and neutral advice to the residents\r\nof Hessen about consumer law, telephone and internet, finance and insurance, energy saving, health and care, food and\r\nnutrition.\r\nAn announcement published yesterday on the organization's online portal says telephone and email communications have\r\nbeen impacted due to a cyberattack that occurred on Thursday, February 22.\r\n\"Early on Thursday morning, there was an attack on the IT infrastructure at the Hessen Consumer Center,\" reads the\r\nannouncement. 
(machine translated)\r\n\"As a result, the Hessen Consumer Center could not be reached by telephone for a short time on Friday.\"\r\nAlthough the communication disruptions have been mostly addressed, and the website is fully operational, people continue\r\nto have trouble reaching the consumer advice center and consumer advocates.\r\nExternal IT security experts aid the organization's efforts to restore the availability of all communication channels in the\r\nimpacted advice centers, but an estimate for a return to normal operations has not been given at this time.\r\nThe more worrying aspect of the cyberattack is the possibility of a data breach that could have impacted Hessen citizens\r\nwho have contacted the advice center.\r\nRansomware actors often steal data from compromised networks before proceeding with the encryption step to use as\r\nleverage in the ensuing extortion phase.\r\nThe advice center declared that they are in no position to determine whether any data had been stolen at this stage of the\r\ninvestigation but will inform affected individuals if and when a personal data compromise is confirmed.\r\n\"The data on the server and some backup systems is currently encrypted. It is not yet clear whether or which data has been\r\nleaked. As soon as it becomes clear, those affected will be informed.\" - Hessen Consumer Advice Center.\r\nHessen's consumer advice center clarified that it strives to store the minimum possible amount of data on its servers as part\r\nof its commitment to data protection. 
However, it did not mention what data types it holds.\r\nThe state's data protection and IT security offices have been informed about the cybersecurity incident, and a criminal\r\ncomplaint has been filed with the Hessen police.\r\nBy the time of writing this, none of the major ransomware operations had taken responsibility for last week's attack on the\r\norganization.\r\nUpdate 2/28 - The Blackcat/ALPHV ransomware gang has claimed the attack at the Hessen Consumer Center and published\r\ndata samples on its extortion page on the dark web.\r\nSource: https://www.bleepingcomputer.com/news/security/hessen-consumer-center-says-systems-encrypted-by-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hessen-consumer-center-says-systems-encrypted-by-ransomware/"
	],
	"report_names": [
		"hessen-consumer-center-says-systems-encrypted-by-ransomware"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434462,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4a206342cb5c434f76917eb6a2eb53d5954f576e.pdf",
		"text": "https://archive.orkl.eu/4a206342cb5c434f76917eb6a2eb53d5954f576e.txt",
		"img": "https://archive.orkl.eu/4a206342cb5c434f76917eb6a2eb53d5954f576e.jpg"
	}
}