Exclusive
Status: 06/29/2021 5:00 a.m.
According to a survey by BR and “Zeit Online”, perpetrators succeeded in more than 100 cases in encrypting the IT systems of authorities and public institutions. The federal government has no overview of the cases.
Von Maximilian Zierer and Hakan Tanriverdi, BR
When the hackers came, Ernst Walter only saw “alphabet salad”. This is what the managing official of the small community of Kammeltal in the Günzburg district tells. In early April, hackers had Encrypted server and apparently wanted to blackmail the community. Data for money. The community filed a complaint with the local police, and after 45 minutes the criminal police were in the town hall. But that could do little, until today the community has no access to a lot of data. She works with a backup.
Ransomware is the name given to the malware that criminals use in this form of digital blackmail. Most of the time, they are distributed via email. Ransom money in the millions is flowing around the world. The Federal Criminal Police Office (BKA) calls ransomware “the threat” for companies and public institutions. This is what it says in the Federal Criminal Police Office’s annual cybercrime report.
Nevertheless, there is no precise overview of how badly the public administration is affected by these attacks across Germany. The Federal Government also has no knowledge of the number of cases, as confirmed by the Federal Ministry of the Interior on request. There is currently no general reporting requirement for ransomware attacks. Research by BR and “Zeit Online” now give an impression of the scale of the problem.
In the past six years, government agencies, local governments and other government and public agencies have successfully encrypted IT systems in more than 100 cases. That comes from a survey by BR and “Zeit Online” emerged from the state and federal interior ministries. The total number could be significantly higher, because several states such as North Rhine-Westphalia, Berlin and Hesse did not provide any specific information.
State parliaments, ministries and municipalities affected
The state parliaments of Saxony-Anhalt and Mecklenburg-Western Pomerania, schools, police stations, state ministries, universities and hospitals were affected by blackmail attempts. The Federal Ministry of the Interior also became aware of a case within the federal administration in which a server was encrypted. It also hits local authorities time and again: large cities like Frankfurt am Main, cities like Neustadt am Rübenberge in Lower Saxony or even small communities like Kammeltal.
The municipal umbrella organizations also do not have a systematic overview of the number of incidents. The German Association of Towns and Municipalities sees a growing problem and calls for better cooperation between municipalities and state authorities. “The question arises as to how quickly the necessary support for the prevention of ransomware attacks will come to every municipality,” it says at the request of BR and “Zeit Online”.
Domscheit-Berg calls for an awareness campaign
The Left Party MP Anke Domscheit-Berg criticizes that the federal government does not have a clear strategy against ransomware attacks. She calls for a broad-based awareness-raising campaign to make officials aware of the threat: “Even a single attack can have inconceivable consequences and affect a large number of people at once when we think of critical infrastructures.”
To Critical infrastructures include waterworks, large hospitals and the food industry. You have to report hacker attacks to the federal government. Municipalities and state administrations do not have to do this so far. Green politician Konstantin von Notz therefore calls for mandatory reporting of ransomware incidents: information would have to be bundled and a warning system implemented. “None of that exists. And that’s why we’re in so bad shape,” von Notz said in an interview with BR and “Zeit Online”.
The Federal Ministry of the Interior announced that “if federal states want to inform federal authorities about ransomware incidents in their jurisdiction, they are free to do so”. The federal states are responsible for taking measures to defend against ransomware attacks on state and local authorities.
Martin Schallbruch from the European School of Management and Technology Berlin, on the other hand, speaks of a “patchwork quilt” in the federal states. He calls for uniform rules for states and municipalities and better coordination between the federal government and the states.
Taxpayer money for blackmailers
In fact, the attackers are successful in some cases with their blackmail attempts. That means: tax money goes to cyber criminals. The State Theater Stuttgart is said to have paid 15,000 euros in 2019, like local media reported. IT security professionals and law enforcement agencies don’t recommend paying hackers, but often enough the alternative is to lose the data.
There is no overview of successful blackmail. Several federal states, including Bavaria, North Rhine-Westphalia and Berlin, leave open in their answers whether and how many municipalities or authorities have paid ransom. The Federal Ministry of the Interior announced on request that ransom payments by public authorities were not known.
In Kammeltal, on the advice of the local police, they did not give in to the blackmail attempt. Now the IT security of the small community has been improved.