The criminals attack companies' IT systems. They encrypt company data with the result that operations have to be shut down completely. The IT infrastructure can usually only be restored at great expense. Administration, logistics and production are affected. The economic damage is in the 7-digit euro range.
Recently, the police have noticed a particularly perfidious scam used by blackmailers: encryption is combined with the theft of company data. The perpetrators gain access to the company's data, look around the system environment and steal valuable data. They threaten to publish it completely on the Darknet. The tools for this are often offered on the darknet at the same time, as a kind of "crime as a service".
In both cases, the company demands a ransom in virtual currency (e.g. Bitcoin). Depending on the economic strength of the company, this can also amount to millions in individual cases. It is a challenge for companies to keep their IT systems up to date in terms of security. Missing updates to programs, operating systems, anti-virus software or firewalls are welcome gateways for criminals. A default password on a network printer or router that has not been changed also facilitates or enables attacks.
Last but not least, the human factor plays a role in this context; "social engineering" should not be underestimated. A harmless email with an infected file attachment opened carelessly and the attacker has achieved his goal. Weak or repeatedly used passwords and negligent handling of administrative accesses can quickly lead to disaster.
The State Criminal Police Offices and the Federal Office for Information Security provide comprehensive recommendations for action regarding encryption Trojans on the Internet. Together with IT specialists, companies should check whether their systems are up to date in terms of security and comply with the recommendations. Employees should also be regularly made aware of how to handle incoming emails and passwords. An emergency plan and emergency contact details should not only be kept in the drawer for fire emergencies, but also for cyber attacks.
Counseling on cybercrime is also offered by the Criminal Investigation Department KP/O (crime prevention) of the Aachen police. Contact on 0241-9577-34201 or by email KP-O-Cybercrime.Aachen [at] polizei.nrw.de (KP-O-Cybercrime[dot]Aachen[at]polizei[dot]nrw[dot]de). In the event of a serious cyberattack, contact should be made immediately with the local police station or the hotline of the Cybercrime Competence Center for Small and Medium-Sized Enterprises (SMEs) of the LKA NRW (Tel.: +49 211 939-4040, Fax: +49 211 939-194040, E-Mail: cybercrime.lka [at] polizei.nrw.de (cybercrime[dot]lka[at]polizei[dot]nrw[dot]de)).