
Cyber attack in Saxony-Anhalt: How hackers blackmail a district

“Closed until further notice”: This notice on the door to the district administration of Anhalt-Bitterfeld blocked the way for months. That was of course related to Corona, but as soon as the incidence rates went down, the district had to go into lockdown again, only this time for completely different reasons. Last Tuesday, the approximately 800 employees received an urgent broadcast telling them to shut down their computers immediately. Since then, the administration in the area between Dessau and Halle has been at a standstill.

“At the moment only the telephone system works,” says District Administrator Andy Grabner (CDU). The employees couldn’t even send an email. IT specialists are currently in the process of connecting 50 to 100 computers and thus building an emergency network. “So that we can do the most necessary services again,” says Grabner. The district administrator does not yet know what exactly happened. It is only clear that the small district with its 160,000 inhabitants is dealing with highly professional hackers from the Darknet, a hidden part of the Internet.

Through a vulnerability in the network, presumably at a printer interface, the perpetrators succeeded in encrypting administration data, making it unusable for the time being. To prevent further damage, the entire system was shut down.

In one of the data sets, experts from the State Office of Criminal Investigation finally found a link to the Darknet behind which a ransom demand is hidden. The investigators are silent about the amount, but apparently the blackmailers are threatening to publish data from the administration from a certain point in time if the payment is not made. “We don’t know what data has been extracted,” says Grabner. “It could be anything.” That includes personal information about individual residents of Anhalt-Bitterfeld.

The district has declared a disaster

Grabner has nevertheless decided not to pay a ransom. “No claim will be settled,” he says. “We will not allow ourselves to be blackmailed as a public authority.” This is the decision of the district; the state government can of course decide differently. But quite apart from reasons of state, no one can guarantee that the perpetrators will decrypt the data after receiving the ransom.

Last Friday, the district declared a disaster, for the first time since the flood in 2013. In addition to the experts from the State Office of Criminal Investigation, IT specialists from the Federal Office for Information Security are now trying to assess the damage, including the question of whether even the backups of the data records were already infected by the malware. Until that is clarified, the backups cannot be restored.

The administrations of the surrounding districts in Saxony-Anhalt have started to check their own computer systems as a precaution. “It is a process that we have to observe worldwide: attempts are made to attack local administrations or municipal facilities such as municipal utilities,” commented Gerd Landsberg, chief executive of the Association of Towns and Municipalities, on the incidents in Anhalt-Bitterfeld.

The security architecture of state institutions is often porous

The perpetrators often proceed very systematically, says Bernd König, an expert on cyber security. Using search programs known as crawlers, they continuously scour the Internet for vulnerabilities. “There is a lot to suggest that this administration was hit because they had the barn door most open,” says König.

He had long expected an incident like the one in Anhalt-Bitterfeld, because the security architecture of state institutions is porous at the state level at the latest. That is why he considers it right in principle not to respond to the perpetrators’ demands. “The more ransom money flows into it, the more professionally the perpetrators can equip themselves.”

In addition to these cyber-technical questions, District Administrator Grabner and his employees currently have a lot of practical problems to solve. Without the administration’s data, neither the aid for the needy nor the social assistance can be paid out. The salaries for the employees also have to be transferred, and the car dealerships are in a tight spot as well: cars that have been ordered cannot be registered, so they cannot be delivered. The manufacturers are still waiting for their money, the dealers complain.

The employees in the district administration have therefore switched back to traditional techniques and are now searching the files for clues. At the same time, citizens have been asked to bring their notices to the offices in person, and the district has agreed with its house bank to make payments initially on the basis of the transfers from the previous month. “We won’t leave anyone out in the rain,” says Grabner. He assumes that the administration will be able to work again, at least on a makeshift basis, from next Monday.

Grabner, 46, was mayor of Sandersdorf-Brehna for many years. He has already had to overcome a number of crises, he says, “but of course I have never experienced a situation like this.” He was actually supposed to take up his new position as district administrator last Monday, but because of the hacker attack, he started a few days earlier. Grabner: “You imagine a good start differently.”
