The headquarters of the district administration: Experts are working flat out to restore the data
Photo: Klaus-Dietmar Gabbert / dpa
The computers have been idle for days: From the e-mail request to the child benefit application, the employees of the Anhalt-Bitterfeld district administration can no longer access any digital services or data.
Now the State Criminal Police Office (LKA) in Saxony-Anhalt has confirmed: Criminals are demanding a ransom to unlock the office computers.
The amount demanded is not known.
According to the district, several servers were infected with ransomware in the cyber attack last week. Such attacks are now becoming an almost daily nuisance, especially for medium-sized companies. It was only last week that the »REvil« blackmail group was able to infect the computers of an estimated 1,500 companies with malware and encrypt their data. The attack on the office computers in Saxony-Anhalt was probably the work of a different group. According to media reports, the attackers probably used a security hole in the Windows print function that became known at the beginning of July and was closed by Microsoft a short time later.
In Anhalt-Bitterfeld, all critical systems were disconnected from the network after the attack in order to prevent further data leakage. The district then declared a disaster on Friday. Specialists and experts from federal and state authorities have been working on analyzing, identifying and combating the malware since the weekend. Meanwhile, the administration is trying to restore its ability to work with new computers, as reported by the MDR. How long this will take cannot be predicted, however, because the employees have no access to a lot of official data and have to get it again from other sources.
The question of the ransom is critical.
Especially if the backup copies of a company or authority are also encrypted, there is little chance of completely restoring the affected data.
At the same time, authorities advise against paying ransom so as not to promote the blackmailers' business.
In addition, it is not certain that the criminals' decryption programs will work.
tmk / dpa