Hacker group "Akira" paralyzes over 70 municipalities
The new car cannot be registered, the driver's license cannot be picked up. The birth certificate is a long time coming, as is the new identity card. The residence permit is only available as a provisional document at best. For days, services in more than 70 municipalities in North Rhine-Westphalia have been paralyzed in one fell swoop. Citizens' offices have been completely closed.
A targeted hacker attack has severely disrupted the administrations, and laborious emergency solutions are being put in place. It was not the first hacker attack on public infrastructure in Germany, but it was one of the most far-reaching. And experts are warning of a further increase in cyber attacks.
The Federal Office for Information Security (BSI) reports that, on average, two local authorities or municipal companies are affected by such hacker attacks every month. By the middle of this year, municipalities across Germany with almost six million inhabitants had been affected within twelve months.
No rapid return to normality
In the case of the current hacker attack on the service provider Südwestfalen-IT on October 30, there was no other option but to shut down all systems immediately, the attacked company announced. The crisis team has been meeting since then. A special unit of cybercrime investigators is hunting down the perpetrators, while IT forensic experts are searching for the gap through which the hackers were able to penetrate.
A rapid return to normality is unlikely, but there is hope that some public services will soon be available again, at least on a makeshift basis.
A hacker group called "Akira" is demanding a ransom and will only release the municipal systems once it is paid, according to a report to the NRW state parliament. However, the local authorities do not want to pay under any circumstances. The affected cities, municipalities and districts are mainly in South Westphalia, with some also in the Ruhr region, the Rheinisch-Bergisch district and elsewhere, with differences in type and extent.
Almost daily hacker attacks
Cologne public prosecutor Christoph Hebbecker from the central cybercrime unit ZAC NRW reports that hardly a day goes by without his unit having to investigate a so-called ransomware attack like this one in North Rhine-Westphalia. In view of the serious consequences, however, the current case is an "outstanding case".
According to the public prosecutor, attacks are being carried out "across the board": against universities, educational institutions, law firms, hospitals and companies from all sectors. The scheme is always the same: the criminals look for security loopholes, infiltrate the system and often install their malware weeks or months before the actual attack. Whether data was only encrypted or also stolen in the current case is still unclear.
The BSI notes that criminal hackers have been increasingly choosing the path of least resistance for some time now and selecting victims that appear easy to attack. "The focus is no longer on maximizing the potential ransom, but on rational cost-benefit calculations," according to the latest status report.
More than 200 billion euros in damage
Cyber attacks have become one of the biggest threats to the German economy and society, warns the digital association Bitkom. In the past twelve months, German companies alone have suffered 206 billion euros in damage due to espionage, sabotage and data theft, 148 billion euros of which was caused by cyber attacks, says security expert Simran Mann. "And the risk of cyber attacks is growing."
The IT infrastructure needs to be updated regularly, security gaps need to be closed quickly, backups and emergency recovery plans need to be in place. According to Bitkom, employee training is also very important in order to detect attacks at an early stage and then be able to act correctly.
Last March, cybercrime investigators from ZAC NRW succeeded in exposing the hacker group "Double Spider", also known as "Doppel Spider" or "Grief". The suspects, who are wanted worldwide, are accused of attacks on the Düsseldorf University Hospital, the Funke media group and the district of Anhalt-Bitterfeld, which declared a state of emergency as a result.
One of the suspects, the Russian Igor T., is said to have taken part in a hacking competition organized by the Wagner mercenary group at the end of 2022. "We also see links and connections to the Russian domestic intelligence service FSB and the paramilitary mercenary group Wagner in individual members of this group of perpetrators," said NRW Interior Minister Herbert Reul (CDU) at the time.
However, not much is known about the new hacker group "Akira". "We have no contact with the perpetrator group and are not negotiating a ransom," says public prosecutor Hebbecker. It is extremely difficult to identify the attackers behind such attacks anyway. Arrests are even rarer.
Municipalities affected by cyber attacks are seeking alternative solutions to provide affected services. For instance, some municipalities are looking into using temporary internet solutions to restore basic services until the main systems are secure again.
The increase in cyber attacks on municipalities has raised concerns about the vulnerability of critical infrastructure, leading some experts to suggest strengthening cybersecurity measures in municipalities to protect against future attacks.
Source: www.dpa.com