Ransomware attack on third party provider impacts schools in Rhineland-Palatinate, Germany

A significant ransomware attack is impacting educational institutions in Rhineland-Palatinate, Germany, through the compromise of an external IT service provider Topackt. The incident, occurring in mid-January 2025, has affected 45 schools across various cities and districts in the region, making it potentially the largest ransomware attack on German institutions in 2024.

The Lockbit ransomware group has claimed responsibility for the attack through their darknet leak site. According to their claims, they have compromised an IT service provider serving over 70 connected schools and exfiltrated more than 3 terabytes of data.

The hackers have set a deadline of January 30 for ransom negotiation before the stolen data would be offered for sale

The number of affected individuals and types of exposed data are not disclosed.

 The affected schools are currently offline, and the compromised service provider is working on restoring networks and servers. The Rhineland-Palatinate State Criminal Police Office (LKA) has been engaged in the investigation.