The district of Anhalt-Bitterfeld, which was attacked with ransomware on 6. July, still does not want to comply with the demands of the attackers. The erprengsultimatum was on 26. July expired, now the criminals could make sensitive data public at any time, several terabytes of data remain encrypted.
The ultimatum had become public on. July became public. The blackmailers demanded a lot of money, the amount of which was not disclosed by the responsible LKA. District Administrator Andy Grabner (CDU) had said from the beginning that none of the demands would be paid. That is how it remains, as the Suddeutsche Zeitung reports.
One week after the attack, the criminals had published personal data of 92 people on the Darknet, including cell phone numbers and bank details. 42 of those affected were members of the district council, reported the Mirror. An inquiry from our site has not yet been answered from Anhalt-Bitterfeld.
Due to the severe infestation of malware in its network, the administration of the district had declared a disaster situation, the IT systems were shut down. Nearly a thousand administrative employees could only work by phone or fax and were not allowed to use their computers.
Salaries, social benefits, Bafog could hardly be paid without the data at the end of the month, cars could not be registered for weeks – a problem for the car trade, reports the Suddeutsche. The tracking among Corona infected among the 160.000 inhabitants was immediately ensured. Since 3. August, for example, motor vehicles can be registered again in Anhalt-Bitterfeld.
Currently, IT experts in Anhalt-Bitterfeld are trying to set up a new network for the administration with the help of the Bundeswehr. Most employees could probably return to normal work by the beginning of September. However, five months could pass before all employees could work normally again.
The extortionists, according to the report, are a group that has been active since May of this year and operates under the slogan "Pay or Grief" ("pay or suffer") is active. On the Darknet, Grief offered to download some of the data stolen from the district. Other victims of the group include a U.S. private school in Texas, the municipality of Thessaloniki and a French pump manufacturer. The Swiss comparison portal Comparis was also a Grief victim and paid $400,000 in lottery money, reported the report.000 US dollars in lottery money, reported the Neue Zurcher Zeitung.
Cyber attacks – mainly by ransomware – cause German companies 220 billion euros in damage each year, the IT industry association Bitkom recently calculated. The U.S. government is apparently stepping up its efforts to combat this form of crime and has enlisted the help of the private sector to do so. Heise-Verlag has also already been attacked, in spring 2019 with the help of the malware Emotet.