The Limited Times


Death after system failure: trail of the university clinic hackers is said to lead to Russia

2020-09-22T09:53:05.859Z


After the Düsseldorf university clinic was hacked, an emergency patient who had to be transferred died. The malware used could now provide clues as to who is behind the incident.



Main entrance of the Düsseldorf university clinic, which was paralyzed by the malware "DoppelPaymer"

Photo: Roland Weihrauch / dpa

After the hack of the Düsseldorf university clinic, a possible trace of the perpetrators leads to Russia, according to the North Rhine-Westphalian Ministry of Justice.

The reason is that the malware used was "DoppelPaymer".

This is a so-called encryption trojan (ransomware) used by a group of hackers that, according to private security companies, is based in the Russian Federation.

The North Rhine-Westphalian ministry announced this on Tuesday in a report to the Legal Committee.

The hack caused an IT failure at the clinic, which is why an emergency patient had to be diverted.

The woman died a short time later.

Investigations into the backers are complicated

Even for IT experts, it is difficult to determine who is responsible for attacks with encryption trojans, let alone to prove it with certainty.

To date, for example, it is unknown which hackers are behind the Emotet Trojan, which is used for many of the encryption attacks.

IT experts assume that the hackers can be attributed to organized crime.

There are also various indications that the groups behind the encryption attacks are operating from Russia.

For example, Russian organizations and companies are attacked by the malware noticeably rarely.

Various organizations and companies around the world have already been attacked with the "DoppelPaymer" malware in recent months.

Experts at the IT security company Crowdstrike assume, for example, that "DoppelPaymer" is also responsible for attacks on the Chilean Ministry of Agriculture and the administration of the Texan city of Edcouch.

Cybercrime office in Cologne investigating

Two weeks ago, 30 servers were encrypted during the hack at the Düsseldorf university clinic.

The blackmailers actually wanted to attack the University of Düsseldorf.

When the police informed the hackers of their suspected mistake, the hackers sent a digital key with which the university clinic could decrypt the data again.

The IT of the university clinic is still not fully operational.

The Central and Contact Point for Cybercrime in Cologne took over the investigation into the case on Friday.

The investigation is for "negligent homicide" as there is an initial suspicion that the unknown perpetrator is responsible for the patient's death.

The investigation continues.


hpp / dpa

Source: spiegel
