Cybercrime situation report

Cybercrime situation report
Short-time work, quarantine, the childcare situation, working from home and other pandemic-related adjustments meant that large parts of the population spent significantly more time using online services. Many businesses were only able to offer their goods and services online at times. This also had an impact on criminal activity, which is reflected in the increased number of cybercrime cases.

Current situation
With 30,115 cybercrime cases in 2021, 23.96 percent more cases were recorded than in the previous year. The number of suspects identified increased by 17.23% to 6,056, while the clearance rate fell to 26.63%. In 2021, 11,328 cases were recorded for the offense of "distribution, acquisition and possession of child pornography" (previous year: 4,776). The number of cases had already doubled in 2020 compared to 2019. In this offence area, offenders prefer to use the internet to commit their crimes. 

Supply chain attack
Supply chain attacks are not designed to attack and encrypt a company's central servers, but to access several connected companies via a central distribution channel and either extract data or encrypt systems there. This type of cyberattack requires a high level of technical expertise and organizational cooperation between several players. At the end of 2020 and the beginning of 2021, the American company Solar Winds was compromised by such an attack. This attack led to European companies, including those based in NRW, being indirectly affected.

Ransomware is a phenomenon in which perpetrators infiltrate malware into the targeted system via an email attachment. If the user opens this attachment, software is subsequently installed on their system that enables the perpetrators to drain and encrypt data. If the perpetrators initiate the encryption, the data can no longer be used by the owner. A ransom is demanded to decrypt the data. By threatening to publish the leaked data, the perpetrators put further pressure on their victims to pay. Ransomware-related data modification and computer sabotage offenses increased by 31.40% in 2021 (1,653) compared to the previous year (1,258). The detection rate in 2021 was 16.27 percent.


This phenomenon, which mainly occurred in the first half of 2021, is a modified form of phishing. Victims receive a text message asking them to click on a link and start a download. One frequently used scam was a fake message from a parcel delivery company claiming to be a parcel tracking service. As soon as the victim clicked on this link, a download window was opened, simulating a browser update. If the victim agreed to this, a malware program was downloaded instead of an update. The compromised cell phone then sent further text messages to potential victims. The aim of the malware is to read credit card information and one-time passwords.

Workshops, lectures, projects, visits to major events and collaborations - since the Cybercrime Competence Center was founded in 2011, the NRW State Office of Criminal Investigation has taken many measures together with cooperation partners. The LKA NRW uses the IT Security Day of the Voice-Bundesverband der IT-Anwender e.V. (Federal Association of IT Users) to provide ongoing and up-to-date information on the dangers of cybercrime. The cooperation between Bitkom and the LKA NRW as well as other state criminal investigation offices has been in place since 2011. With regular information exchange and knowledge transfer, as well as mutual job shadowing, this security cooperation intensively pursues the common goal of countering cybercrime. In 2017, the LKA NRW also signed cooperation agreements with eco-Verband der Internetwirtschaft e.V. and networker NRW e.V. and held its first events. Joint prevention measures enable the police to reach a broad public with their messages and thus raise awareness of the phenomena of cybercrime among citizens and businesses.

Translated with (API Version)
In urgent cases: Police emergency number 110