Several German companies, including retail electronics companies MediaMarkt and Saturn, have been affected by ransomware attacks in recent days. EURACTIV Germany reports.
Medical IT service provider Medatixx announced on Monday (9 November) that it was the target of a cyberattack in the middle of last week and electronics retail companies MediaMarkt and Saturn also fell victim to a nighttime ransomware attack between Sunday and Monday.
Mediatixx reported that the cyberattack encrypted “important parts of our internal IT system”. Meanwhile, a crypto-virus infected several Windows servers at MediaMarkt and Saturn, affecting some 3,100 servers.
The public prosecutor of the northern Bavarian town of Bamberg told EURACTIV that the two attacks were not believed to be connected.
In ransomware attacks, hackers use malware to infiltrate systems and encrypt data. To restore access to the encrypted data, they usually demand exorbitant sums of money.
In both cases, the exact extent of the attack is not yet known.
“We are currently working intensively with internal and external experts as well as the responsible authorities in order to analyse and identify the damage caused as quickly as possible,” MediaMarkt told EURACTIV.
“Whether and to what extent data was also stolen is not known at this time. It can therefore not be ruled out that data stored with us has been stolen,” Medatixx said in a press release, calling on customers to change their passwords, so hackers do not gain access to their accounts.
Massive increase in ransomware attacks
Since the start of the pandemic, the Federal Criminal Police Office (BKA) has recorded a significant increase in ransomware attacks against businesses and public bodies.
Although the BKA does not yet have reliable figures for 2021, around 500 ransomware attacks have been documented in recent years, the interior ministry told EURACTIV. As only 12% of cyberattacks are reported, the actual number of attacks is likely much higher according to a study by the federal ministry of economics and technology.
In a report published in October, the EU cybersecurity agency ENISA also warned of a massive increase in cyberattacks. In May and June, ransomware attacks rose sharply, with ENISA recording more than 30 such instances.
At the same time, the sums requested by attackers has more than doubled compared to 2019. While the average ransom demanded in 2019 was around €70,000, it increased to €155,000 in 2021.
But methods have also changed with attackers increasingly resorting to so-called “double extortion”, whereby the victims’ data is encrypted and taken away so that attackers can threaten victims with publishing the data online in the future.
While traditional ransomware attacks paralyse the internal operations of organisations, the affected companies are additionally threatened with the incident being made known to the companies’ customers and partners, which increases pressure to pay the ransom.
The use of this “double blackmail” by hackers has increased exponentially in the past year. While only 8.7% of hackers threatened companies with the publication of the captured data last year, this figure skyrocketed to around 81% in 2021, the ENISA report found.
Given the cross-border nature of cyberattacks, tackling them requires dense international cooperation. In mid-October, governments of 30 countries across the globe and the EU announced plans to take “disruptive actions” against ransomware criminals.
The plans are already bearing fruit. In late October, a multi-country operation hacked the ransomware group REvil, responsible for thousands of cyberattacks, and forced them offline. Furthermore, Europol announced on Monday that five hackers linked to REvil, have been arrested since February.
[Edited by Alice Taylor]