“The situation is shitty, but not hopeless,” says the district administrator. Neither the vehicle registration office nor the social welfare and youth welfare offices can currently work.
The district of Anhalt-Bitterfeld declared a disaster on Friday afternoon because of a serious hacker attack on the network of its administration. “This attack has a direct impact on all areas of the district’s range of services and thus also affects the concerns of the citizens, which cannot be dealt with at the moment,” the district said. Declaring a disaster allows the district administrator to make faster decisions and request help, a spokesman told the dpa news agency.
The attack itself had already occurred earlier in the week. It is a ransomware attack in which the attackers encrypted files on the district administration’s server. According to reports from MDR, they are demanding a ransom to unlock the system. Apparently, the experts have not yet succeeded in ridding the affected computers of the malware.
As the Mitteldeutsche Zeitung first reported, the attackers allegedly got in through the security vulnerability known as “PrintNightmare”. Just a few days ago, Microsoft closed the critical vulnerability in the Windows print spooler service with an emergency patch. Apparently it came too late for the district administration: almost the entire system of the district has now been disconnected from the network in order to prevent data theft. Citizens of the district should contact the administration in the coming days either by phone or by post, says a spokesman. It is assumed that the administration will not be able to work fully in the coming week either.
Politicians are calling for ransomware attacks to be reported
“The situation is shitty, but not hopeless,” Uwe Schulze (CDU), District Administrator of Anhalt-Bitterfeld, told MDR on Friday. The district is currently working with federal experts to decrypt the affected files. In addition, the law enforcement authorities are involved. However, many services for citizens are currently at a standstill; neither the vehicle registration office nor the social welfare and youth welfare offices can go about their work.
Just last week, a large-scale hacker attack hit the headlines: an attack on the US IT service provider Kaseya has by now harmed 800 to 1,500 companies worldwide, including the Swedish supermarket chain Coop. Here too, ransomware was installed in many cases. The hacking group REvil is said to be behind it.
As research by BR and Zeit Online recently revealed, in the past six years in Germany alone there have been around 100 attempts to extort authorities using malware, including the state parliaments of Saxony-Anhalt and Mecklenburg-Western Pomerania, schools, police stations, universities and hospitals. Since there is currently no obligation to report ransomware attacks, politicians such as Left Party MP Anke Domscheit-Berg and Green Party politician Konstantin von Notz are calling for a clear strategy to deal with such attacks.