At quarter to eight that day in early June, Andreas Lederle came into the office. “The employees came to meet me,” says the managing director of Erdwärme Grünwald. “Our office system had been hacked, we couldn’t get in anymore.” But of course there was a corresponding emergency plan, so that the first crisis meeting could already be held at 8.30 a.m. via teams. The Bavarian State Criminal Police Office and the data protection officer were also informed so that the best experts in this field could step in immediately.
“In the meantime, we’re back to normal operations,” says Lederle. The employees are equipped with new hardware, and work is continuing to improve security. The whole thing didn’t cause too much excitement with geothermal energy, Lederle lets it be known, because one had almost expected that it could happen one day. “Hacker attacks are widespread at the moment,” says Lederle, “many companies suffer from them.” Fortunately, only the office infrastructure was hacked with geothermal energy. The production systems, i.e. the supply to the customers, were never in danger. Of course, we are working on securing this further. Because alternative energy supply is apparently a popular target of these perpetrators. “Many wind power operators have also been attacked,” says Lederle. “One could well imagine that a Russian gas supplier would not like to see Germany’s independence.” However, that is only a guess.
The supply of the customers was not in danger.
(Photo: Claus Schunk/Claus Schunk)
Gunther Schloeffel, one of the experts who helped geothermal energy and who were certified by the Federal Office for Information Security (BSI), does not believe in the political motives of the perpetrators. “This is organized crime, it’s about extorting money,” says the “cyber security consultant” and CEO of Pen.sec AG. The latter simulates attacks on companies to see how far one would get. With this experience, she can of course also help affected companies.
That morning, the employees also found the extortionist’s demands printed out on the Erdwärme printers. These were also sent in a readable file. The company’s own data, on the other hand, was encrypted by the perpetrators in such a way that the owner could no longer access it. The blackmail goes like this: If you want your data back, you pay. The blackmail letter usually contains a specialized link, which leads to a website on the dark web, which is also the case with geothermal energy. There you can contact the perpetrators via chat. Geothermal energy didn’t do that, but many companies do, reports Schloeffel. Quite a few companies would have to meet the financial demands of the blackmailers, contrary to the advice of the State Criminal Police Office. “It’s often about pure existence.”
Geothermal manager Andreas Lederle was able to fall back on an emergency plan.
(Photo: Claus Schunk/Claus Schunk)
The first step that June day was to disconnect the geothermal system from the grid so that the attacker could not spread further. At the beginning there is great uncertainty as to what exactly was attacked and what damage to expect. “It is vague for the company what is still to come,” says the expert. The technical investigation clarifies the exact damage. The initial phase is bad for every company, says Schloeffel. The employees can no longer work, and in some cases their ability to work is paralyzed for weeks. “The geothermal energy was lucky there,” says Schloeffel.
Something that has never happened in Germany, but is theoretically possible, according to Schloeffel, is that the hackers take control of the electricity system. Then they could, for example, make circuits in substations and intentionally produce overloads that would lead to damage. But because of this danger, the security requirements in these areas are particularly high. In the case of geothermal energy, too, “it’s fair to say that the security systems ensured that things went smoothly,” says Schloeffel.