The Anhalt-Bitterfeld district administration, whose entire IT infrastructure was paralysed by a ransomware attack at the start of July, has requested assistance from the Bundeswehr, the German armed forces. EURACTIV Germany reports.
Several servers of the district administration in eastern Germany were infected in the ransomware attack, which restricted access to data and services. To keep the administration’s most important servers running, a state of emergency was called and an emergency infrastructure set up.
“The Armed Forces are now to assist us with forensics and with the restructuring and installation of the new infrastructure, which is independent of the old network. Administrative assistance has been requested, but so far the answer is still pending,” the district’s press officer told EURACTIV.
The Federal Office for Information Security (BSI) is also already involved and has been supporting the district administration since 22 July in assessing the damage and restoring specialised applications.
The hackers are asking for a ransom in exchange for the release of the encrypted data, according to the State Criminal Police Office in Saxony-Anhalt, but the district refused to comply.
Although the amount is not known, a BSI report from March indicates that ransomware attacks usually come with demands for ransom in the six-figure range.
While the damage cannot be quantified for the time being, it is possible that the entire technical infrastructure will have to be restored.
“Then we are no longer in the six-figure range,” the district’s spokesperson confirmed. But according to a statement by the district, some of the stolen data has already been published on the Darknet.
The identity of the perpetrators and how the systems were infected remain unclear. But it is possible that the attackers exploited a security hole in the Windows printing function.
According to the district’s spokesperson, a link to the widespread ransomware attack on the Kaseya software of 4 July has not been ruled out. This is currently “the subject of investigation by the police authorities,” the spokesperson added.
Ransomware attacks – an endemic problem
Particularly as a result of the shift towards digitalisation in the wake of the pandemic, cybercrime has increased significantly. And ransomware attacks are currently one of the “greatest threats to the IT of companies and organisations,” warned BSI President Arne Schönbohm.
In recent years, around 500 ransomware cases have been reported to the police in Germany, the country’s interior ministry told EURACTIV. However, the number of unreported cases is probably much higher since, according to a study by the economy ministry, only 12% of all cyberattacks are reported to the police.
And while prosecuting and investigating such activity remains extremely difficult, the perpetrators act in a highly professionalised fashion.
But there are still ways to take action against such attacks, as the case of the Emotet malware shows. In January, Europol, together with authorities from eight countries, took down the malware and its underlying infrastructure, which had been used for a series of ransomware attacks in recent years.
“Various technical and repressive means were used to infiltrate the infrastructure of the perpetrators and to inform those affected by the malware,” Germany’s interior ministry told EURACTIV.
Cybercrime and ransomware attacks are also of concern at the international level.
The G7 states, for instance, are currently working on strengthening cooperation between states and “improving the ability to identify the perpetrators,” an interior ministry spokesman has said.
[Edited by Zoran Radosavljevic]