IT security: Increasing threat from ransomware attacks

Virus mit Zahlen, Computergrafik
IT security: Increasing threat from ransomware attacks
Cyber attacks using ransomware pose a major threat to our society. Information technology systems are encrypted, sensitive data may be published and high ransoms demanded.
LKA NRW


Case numbers and media coverage show that the threat to companies and public institutions from cyber attacks has increased further in the past year. 
All areas of social and public life are affected. Cyberattacks are not only directed against commercial enterprises, but also against private individuals and public authorities.

The Bitkom association conducted the "Wirtschaftsschutz 2021" study in 2021. According to the study, a total of 88% of all companies surveyed were affected by cyber attacks in 2020 and 2021 and the economic damage caused by cyber attacks more than doubled to 223 billion euros. The companies surveyed consider ransomware attacks to be one of the biggest threats.

Increasing professionalization

The increasing professionalization of criminal cybercrime groups means that more complex malware is being used and attacks on information technology systems are becoming ever more sophisticated. 
In addition to the encryption of entire IT infrastructures and their backups, sensitive data is extracted and threatened with publication in the event of non-payment. This puts additional pressure on the victims, as publication can mean further damage and loss of reputation.

Infection with malware usually before encryption

Cybercrime groups obtain detailed information about their victims in advance of the actual encryption and initiate their attacks using sophisticated methods to open a "door" to the IT infrastructure. The "human vulnerability" in particular is exploited for this purpose. For example, emails compromised with malware are disguised as an email from a superior or business partner in order to persuade the recipient to open the malicious attachment. By opening the attachment, malware is installed without the victim realizing it. This enables the perpetrators to gain remote access to the data, spy extensively on the IT infrastructure and install the actual encryption software.

Ransomware as a service


Ransomware is increasingly being offered as a service ("ransomware-as-a-service") in the underground marketplaces of the darknet. In addition to the malware, ransomware groups also offer extensive product support and help with the implementation of the cyberattack in return for a commission. This means that complex attacks can be carried out even without in-depth technical knowledge.

The police advise

  • Inform yourself about the dangers of cyber attacks on the website of the Federal Office for Information Security and implement the measures for basic IT protection mentioned there.
  • Install software updates for your operating systems and software applications as soon as they are made available by the manufacturers.
  • Use a secure password. Information for a strong password can be found here. If possible, use two-factor authentication.
  • Only use the Internet with user accounts with limited authorizations
  • Create regular backups that are also available offline and check your processes for practicality.
  • Use encryption mechanisms and digital signatures for internal and external email communication.
  • In companies, sensitize your employees to the dangers posed by

Cyber attacks, especially with regard to

  • Social engineering
  • Phishing
  • Ransomware
  • Clarify all organizational measures before an incident occurs:
  • Who is responsible in the event of damage
  • Is communication and solvency ensured even in the event of full encryption?
  • Who is the contact person for internal and external communication
  • Who should be notified immediately

You have been affected by a ransomware incident

Contact your local police station. Companies and authorities also have the option of contacting the Cybercrime Single Point of Contact (SPoC, see contact on the right). The SPoC is available around the clock, seven days a week, provides fast and unbureaucratic assistance and can provide you with further information. 
General prevention tips on the subject of ransomware and how you can react in the event of damage can be found here.

Translated with DeepL.com (API Version)
In urgent cases: Police emergency number 110