Social benefits are no longer available, nor is registering cars: encryption Trojan paralyses entire district

The administration of the Anhalt-Bitterfeld district in Germany knows a thing or two about how much damage an encryption Trojan can cause. At 6:45 a.m. on 6 July 2021, an employee in the Office for Fire Disaster Control and Rescue Services there started his computer and was greeted with the message:

“District of Anhalt-Bitterfeld, you are fucked. Do not touch anything.”

After that, the local government could not be reached by email or phone for days. The payment of social benefits stalled, and administrative procedures such as the registration of cars could no longer be carried out.

Criminals had apparently sneaked into the district’s computer network months earlier and encrypted all the local government’s data during the night of 5 to 6 July 2021. The district administrator of Anhalt-Bitterfeld, Andy Grabner, received a ransom demand. The amount is not known, but for crimes on the scale in question here, at least six-figure sums, more likely seven-figure sums, are common.

District Administrator Grabner, however, did the only right thing and did not pay. Instead, he declared a state of emergency for the district on 9 July 2021 and had a complete digital replacement infrastructure built with new computers and new laptops. On 19 July, around 100 administrative staff were once again reachable by phone and email. Piece by piece, they have been trying to resume their work ever since. At the beginning of 2022, this rebuilding was still not completely finished.

Paying a ransom would undoubtedly have been cheaper, but it would have sent a devastating signal, because every ransom payment encourages digital criminals to continue. Such activities must not be rewarded – those who pay endanger themselves and others.

Apparently in reaction to the refusal to pay the ransom, the perpetrators have meanwhile published around 200 megabytes of confidential data from the local government of Anhalt-Bitterfeld in internet forums used by the criminal scene. Anyone living in Anhalt-Bitterfeld must now reckon with criminals using their personal data, for example, to open accounts on eBay or Amazon and order goods to resell them and make money. Personal data of real people is a coveted commodity for online criminals.

The digital catastrophe of Anhalt-Bitterfeld shows how dangerous it is to open email attachments from senders one does not know. Encryption software can be hidden in them. A double click on the file is enough and the disaster takes its course …