“The Consequences of a Hacker Attack: A Look at Ludwigshafen and the Increasing Threat in Germany”

Status: 04/19/2023 1:41 p.m.

The number of hacker attacks in Germany is increasing. Municipalities are also affected. A look at Ludwigshafen shows the consequences of a hacker attack.

In the late evening of October 21, 2022, Martin Frank noticed a large data leak in the IT system of the administration of the Rhine-Palatinate district via his work cell phone. The district administration’s head of technology quickly realizes that something strange is happening, but a hacker attack? “You have in the back of your mind that something like this can happen. But you have to realize that it affects you first,” says Frank.

Fortunately, he reacts quickly and pulls the plug on the entire system. But it is no longer possible to prevent the criminals from exfiltrating data and encrypting it on the municipality’s computers. Since that evening almost half a year ago, the state of emergency has become part of everyday life for the administration.

The administration does not expect normal operations to resume until the summer. For a while no computer worked, no phone. IT technicians around Frank are currently loading around 750 new laptops with software for the administrative staff. Before that, they had to share functional laptops.

Still not all areas functional

“In two or three weeks we should be through with the worst,” said District Administrator Clemens Körner. The old computers were completely disposed of, as the CDU politician describes – the risk of malware hiding somewhere is too great.

Not all areas of the administration in Ludwigshafen are functional yet: the registration office, for example, still lacks digital access to the Federal Motor Transport Authority. Without the branch offices of the district administration, nothing would have happened in this area for months, as Körner describes.

Since that evening in October, the administration has had little choice but to improvise. “Right on the Monday after the attack, we set up a small emergency network,” says District Administrator Körner. “It was clear: we had to go back to digital as soon as possible.”

But this is anything but easy when data is encrypted and applications are not yet working. “After the attack, social security payments were due within a few days. 1,100 recipients needed their money,” says Körner. The district’s employees then asked for account details and filled out Excel spreadsheets – by hand, 1,100 times. “The whole administration worked together,” says Körner.

The district did not pay the requested amount

How exactly the attack took place in October can probably no longer be reconstructed, says the district administrator. It was probably a laptop or a PC in the home office that the attackers used to get into the system. One thing is clear: after gaining access, the hackers demanded a ransom for the release of the data. How much? The district administrator does not want to say: there should be no “market value” for blackmailing municipalities.

The district did not pay the requested amount, whereupon around 100 gigabytes of data were published on the dark web. This includes information on refugees from Ukraine, but also, for example, on the population census last year.

The hacker group Vice Society claimed responsibility for the attack. It is said to have connections to Russia. The Attorney General’s Office in Koblenz and the State Criminal Police Office in Rhineland-Palatinate are investigating the incident, but tracking down the perpetrators is anything but easy.

More and more cyber attacks

After the data was published on the Darknet, the district administration was also challenged: “More than 30 employees were busy for months opening each of these files and checking for personal data,” says District Administrator Körner. “Each individual was then written to and informed. That was around 14,000 letters to affected citizens.” The fact that the administration did not come to a complete standstill was due to the commitment of the employees and the support of neighboring municipalities.

Cyber attacks on companies and public institutions, as experienced in the Rhine-Palatinate district, are increasing: “The quantity and quality of cyber attacks have been increasing for years, especially due to ransomware,” explains Carsten Meywirth, head of the cybercrime department at the Federal Criminal Police Office.

Ransomware is software that encrypts data, for example, in order to extort ransom money – as in the Rhine-Palatinate district. According to the BKA, from mid-2021 to the end of 2022 the authorities registered more than two dozen cyber attacks on municipal administrations, public utilities and health facilities.

“The reason for the increasing threat, in addition to the advancing digitization and the shift of crime to cyberspace, is also the increasing professionalization of the perpetrators,” says Meywirth. “Whereas cyber criminals used to commit their crimes alone, today there are highly specialized service providers for individual components of a cyber attack.”

It’s also about “chaos and uncertainty”

The criminals exchange information with each other and carry out the attacks with something like a division of labor. It’s not just about financial interests, but also about triggering “chaos and uncertainty,” says cybersecurity expert Christian Dörr from the Hasso Plattner Institute.

In order to be better prepared for the future, the Rhein-Pfalz district has reorganized its IT architecture. Planning and implementing this is a “strength”, says IT boss Frank. The servers are now in an external data center. In addition, a service provider monitors the system for abnormal activities 24 hours a day.

Raising employee awareness is also important, says Frank. Training is needed on questions such as: “Where am I allowed to click on an email? When do I inform IT?”

Uniform certification

The attack was a wake-up call, says District Administrator Körner. However, not all municipalities have heard this wake-up call. Communication with the authorities is to become more digital in the future, and this should not be at the expense of security. A uniform certification of the authorities by the Federal Office for Information Security is important.

“That costs time, effort and money,” says Körner. But the consequences of a hacker attack are a lot more expensive: Körner expects at least 1.7 million euros for his district – not including the costs for the new 24-hour surveillance.
