The southernmost Austrian state of Carinthia suffered a devastating BlackCat (ALPHV) ransomware attack, encrypting approximately 3,000 government computers and crippling critical public services. The attack forced the shutdown of the official government website, email systems, passport issuance, traffic violation payments, and COVID-19 contact tracing services, causing widespread administrative paralysis. The BlackCat ransomware gang demanded a $5 million ransom, which the state refused to pay.The disruption severely impacted citizen-facing operations, halting essential processes like identity verification, legal compliance, and public health tracking. While no explicit data exfiltration was confirmed in the article, the encryption of systems and service outages suggest a high-risk scenario where government functionality was compromised at a regional level, affecting thousands of residents. The attack underscores the vulnerability of public infrastructure to sophisticated ransomware groups, with recovery efforts likely requiring extensive time and resources despite the state’s refusal to negotiate.
Source: https://www.acronis.com/en/tru/posts/austrian-state-of-carinthia-hit-by-blackcat-ransomware/
TPRM report: https://www.rankiteo.com/company/eu-representation-carinthia
"id": "eu-1264112090625",
"linkid": "eu-representation-carinthia",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Public Administration',
'location': 'Carinthia, Austria',
'name': 'Carinthia (Austrian State Government)',
'type': 'Government'}],
'data_breach': {'data_encryption': 'Yes (3,000 computers encrypted)'},
'description': 'Carinthia, the southernmost state in Austria, had its '
'computer systems encrypted by BlackCat (ALPHV) ransomware, '
'causing severe disruption of government services. The attack '
'encrypted around 3,000 computers, taking the government '
'website and email system offline. Services affected include '
'passport issuance, traffic violation payments, and COVID-19 '
'contact tracing. The BlackCat gang demanded a $5 million '
'ransom, but the state has refused to pay.',
'impact': {'brand_reputation_impact': 'Negative (Government services '
'disrupted)',
'operational_impact': ['Passport issuance disruption',
'Traffic violation payment disruption',
'COVID-19 contact tracing disruption'],
'systems_affected': ['3,000 computers',
'Government website',
'Email system']},
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': '$5 million',
'ransom_paid': 'No (State refused to pay)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'recommendations': ['Implement ransomware detection and blocking solutions '
'(e.g., Acronis Cyber Protect Cloud)',
'Ensure robust backup and disaster recovery capabilities'],
'references': [{'source': 'Acronis Cyber Protect Cloud'}],
'threat_actor': 'BlackCat (ALPHV) Ransomware Gang',
'title': 'BlackCat (ALPHV) Ransomware Attack on Carinthia, Austria',
'type': 'Ransomware Attack'}