Attack with blackmail software: German companies also attacked

The most recent cyber attack with blackmail software has also hit German companies: the BSI explained that there were several thousand computers at several companies. There could be more.

The large-scale attack with blackmail software also hit German companies over the weekend. An affected IT service provider from Germany reported to the Federal Office for Information Security (BSI). Its customers have been affected, said a BSI spokesman. There are several thousand computers in several companies. It cannot be ruled out that other companies noticed problems with the start of the working week on Monday.

The hackers used a vulnerability at the American IT service provider Kaseya to attack its customers with a program that encrypts data and demands a ransom. The consequences could be felt as far as Sweden, where the supermarket chain Coop had to close almost all stores. The full extent of the damage is still unclear. The IT security company Huntress spoke of more than 1000 companies in which systems had been encrypted.

Kaseya announced over the weekend that fewer than 40 customers were affected. However, these also included service providers who in turn have several customers. This created a kind of domino effect. In this way, it also hit Coop over several stages. Only five of the over 800 stores – and the online shop – remained open.

US intelligence agencies investigate attack

US President Joe Biden ordered an investigation into the attack by the secret services. “The first impression was that the Russian government was not behind it – but we are not sure yet,” said Biden after questions from reporters on Saturday.

IT security experts had assigned the attack based on the software code to the hacker group REvil, which is located in Russia. A few weeks ago, REvil was behind the attack on the world’s largest meat company JBS, which had to close plants for several days, including in the USA.

Attacks make a lot of money for hackers

Attacks with extortion software had recently made repeated headlines. Just before the JBS case, an attack of this kind halted the operation of one of the largest gasoline pipelines in the United States and temporarily cut fuel supplies in the country. It brings the hackers money: JBS paid the attackers the equivalent of eleven million dollars in crypto currencies, the pipeline operator Colonial 4.4 million dollars. However, a little later, investigators were able to confiscate a good half of the colonial ransom.