Extortion of companies through ransomware attacks has reached unprecedented levels worldwide, particularly during the pandemic, but Germany’s businesses and public institutions are not sufficiently prepared to address such threats that can put livelihoods and economies at risk.
According to a report by ChainalysisInsights, the amounts extorted through ransomware attacks worldwide increased from $27.3 (€23) million in 2018 to over $400 (€338) million in 2020, with many German companies also in the firing line. During the pandemic, attacks have reached unprecedented levels and have become a lucrative business.
Just on Sunday (4 July), hackers held the data of between 800 and 1,500 companies to ransom for around $ 70 million (€59 million) after they attacked IT software company Kasya.
“Ransomware is currently rated as one of the biggest threats to the IT systems of companies and organisations. Successful attacks often bring services and production to a standstill. The damage for those affected is therefore often enormous,” said the president of the Federal Office for Information Security, Arne Schönborn.
In ransomware attacks, hackers use malware to infiltrate the systems of government agencies and companies to encrypt their data. To restore access to the encrypted data, they usually demand exorbitant sums.
Danger for the German economy
The German economy has never “been attacked as much as today” the federation of German industries (BDI) said in a statement in relation to Sunday’s ransomware attack.
MP Mario Brandenburg of the liberal Free Democrats (FDP) said that “IT security is the Achilles’ heel of the digital society”.
The digitalisation surge that has come with the pandemic and the increasing networking of IT systems have increased the security risk for German companies.
The rapid rise of home-office solutions has also “opened the gates for ransomware – at the expense of corporate security,” Marc Tenbieg, executive director of the German association for small and medium-sized enterprises (DMB), told EURACTIV.
While the hackers mainly target large companies and public institutions, according to the German criminal police office’s federal situation report, ransomware attacks are now part of the everyday life of many German small medium-sized companies (SMEs).
“According to our data, virtually every SME has already been the victim of a cyberattack,” a spokeswoman for the German association of small and medium-sized businesses (BVMW) told EURACTIV.
The lack of awareness of ransomware attacks is a massive problem, according to experts.
SMEs “have not yet recognised this risk for themselves, which should not be underestimated,” Tenbieg said, adding that even when entrepreneurs do recognise the danger, “there is often a lack of the right approach as well as human and financial capacities”.