Presentation of the federal situation report Cybercrime 2019
Photo: Frank Rumpenhorst / dpa
What ransomware can do has only just become apparent at the Düsseldorf University Hospital.
The ransomware DoppelPaymer led to an IT failure there, which is why an emergency patient was taken to another hospital.
The 78-year-old died a short time later.
"The intensity of these attacks," writes the Federal Criminal Police Office (BKA) in its national cybercrime report published on Wednesday, "continued to increase in 2019 - especially the resulting effects".
Ransomware "is and remains the threat for companies and public institutions," writes the BKA.
At least seven of the twelve "formative cyber attacks" in Germany in 2019 were ransomware infections.
This also includes the attack on the IT of the South-West sponsoring company of the German Red Cross in Mainz with the ransomware Sodinokibi, also known as REvil.
"During the attack, the IT systems in twelve company facilities in Rhineland-Palatinate were encrypted to a large extent," says the situation report.
"Although patient care was always guaranteed, this case again shows that critical infrastructures in Germany are seriously endangered by cyber attacks: A single attack on a central server structure can be enough to trigger a chain reaction and render several connected facilities incapable of action."
In the meantime, the perpetrators are increasingly pursuing a two-pronged approach: files, drives and sometimes backup copies are encrypted and released, if at all, only for a ransom.
In addition, sensitive data, including trade secrets, is copied beforehand and forwarded to the perpetrators, who then threaten publication.
IT security experts attribute the development to improved company backup strategies: the perpetrators have created an alternative means of extortion for themselves in case a victim does not want to pay for encrypted files and simply restores from backup copies.
The Trojan Emotet, which is "currently considered to be one of the most harmful malware in the world", is used as a door opener for a certain type of ransomware.
The backers are suspected to be in Russia; Emotet itself is operated as a service for other criminal groups.
Making malware invisible as a service
So-called malware crypting as a service, i.e. the obfuscation and modification of malware so that antivirus programs do not detect it, also belongs to the "underground economy", the most important components of which are explained in the BKA report.
As an example, the BKA cites the case of a Tunisian who, according to the investigation, "has been advertising for years on numerous forums that are attractive for cybercriminals in order to win customers for crypting services. He is suspected of having encrypted malicious software on a large scale - especially on behalf of the Russian cybercriminal scene - and thus secured it against detection."
Overall, the BKA recorded a new high in the field of computer crime "in the narrower sense" last year.
100,514 cases were recorded by the German police authorities in 2019, an increase of 15.4 percent compared to the previous year.
However, the numbers should be viewed with some caution.
Computer fraud makes up more than three quarters of these crimes, and this category can also include commercial credit fraud - in other words, cases in which someone orders something on the Internet but then does not pay.
However, commercial credit fraud is often also recorded by the police as computer crime "in the broader sense," as the BKA report shows.
These cases end up in the statistics for "Tatmittel Internet" and do not count among the 100,514 cases of computer crime "in the narrower sense".
Upon request, the BKA was initially unable to answer under which circumstances a case is sorted into which of the two categories.
It is therefore initially unclear whether the total number of cases and the percentage increase could also be a result of fuzzy recording criteria.
pbe