Pierluigi Paganini August 26, 2021

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack.

The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200 inhabitants were stolen by threat actors.

The threat actors compromised some administrative servers and exfiltrated sensitive documents.

Initially the municipal government in the town downplayed the incident, saying that attackers stole only a small amounts of data and that all the information had been restored from backup copies.

Immediately after the attack, the town administrative chief Monique Choulat Pugnale told the Swiss daily 24 heures that it was “a weak attack” that impacted email servers that “did not contain any sensitive municipal data.”

The attack was orchestrated by the Vice Society ransomware group which hit Lake Geneva.

“Gigabytes of data stolen from Rolle’s vaudois community and posted on darknet. But the city administration presumably knew nothing.” reported the website Remonews. “The community of Rolle VD, idyllically located on Lake Geneva, was hit by a massive data leak. The criminals have posted internal and confidential documents on Darknet, as research by Watson shows.”

According to the investigation published by the Le Temps daily this week, the attack was discovered on May 30, experts involved in the analysis defined the documents as “personal and extraordinarily sensitive.”

Representatives of the Rolle municipality issued a statement that admits that it “underestimated the severity of the attack” the potential uses of the data.

The town had set up a task force of experts to handle the incident.

At the time of this writing it is not clear which kinds of information that had been exfiltrated by the attackers, local media reported that compromised data included names, addresses, dates of birth, social security numbers and residency permit information for non-Swiss nationals.

Le Temps daily reported that the stolen data also include school records along with information about children who had contracted Covid-19.

Vice Society ransomware has been active since June, it is considered by researchers a spin-off of the HelloKitty ransomware, the malware targets both Windows and Linux systems primarily belonging to small or midsize victims.

This group focuses on public school districts and other educational institutions, like other ransomware gangs it implements a double extortion model and publishes data stolen from the victims on a data leak site.

The group recently made the headlines because it is one of the ransomware gangs that are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]