The cybercrime scene is becoming an increasingly professional business and is increasingly threatening critical infrastructure companies, according to computer science professor Michael Pilgermann. "Cyber criminals are springing up like mushrooms," said the IT security expert, who teaches at the Brandenburg University of Applied Sciences in Brandenburg an der Havel, to the German Press Agency. There are more and more cyber crooks working in a division of labor, and the technologies are also constantly evolving. Pilgermann spoke of a "game of cat and mouse".

The Potsdam city administration has been offline since January 4 following indications from the security authorities of an imminent cyber attack. On January 5, the crisis team wanted to discuss how to proceed, according to a city spokesperson. The plan is to gradually go back online in the second calendar week. Potsdam's Lord Mayor Mike Schubert (SPD) had said days ago that the effort required to protect against unscrupulous criminals on the Internet was becoming ever greater.

Increasing the effort for attackers

"There is no such thing as 100 percent protection," said IT expert Pilgermann. "Otherwise we would have to disconnect from the internet." Companies and administrations should invest permanently in cyber security protection and establish a permanent security management system. "It's not enough to buy a firewall once". It must be possible to increase the costs for the attackers so that they exceed the proceeds for the criminals.

According to Pilgermann, online blackmail using malicious encryption software, so-called "ransomware", is the number one attack. A good half of the companies and organizations affected pay the ransom demanded. However, the number of attacks on critical infrastructure is also increasing.

"The situation is serious," said Pilgermann. He also cited Germany's first digital disaster in the Anhalt-Bitterfeld district, which lasted from July 2021 to the beginning of February 2022. Several of the district's servers were infected with so-called ransomware. This encrypts data. After a ransom was paid, the data was supposed to be released again. However, the district refused to pay the money.

BSI reports over 452 disruptions to the IT security of critical infrastructures

From June 2021 to the end of May 2022, a total of 452 IT security incidents at critical infrastructure operators were reported to the Federal Office for Information Security. In the same period in 2020, there were 419 reports in Germany, compared to 252 cases previously. In addition to the state and administration, critical infrastructure includes energy suppliers as well as the transport and healthcare sectors.

In addition to computer science, the technical university with around 2,500 students also offers an online course in IT security. It is in high demand and is often completed while working, said Pilgermann, who has been Professor of Applied Computer Science there since 2021.

Bavaria reports: "Threat situation at a high level"

Attacks on computer systems with encryption Trojans (ransomware) continue to be a major problem for companies, public institutions and private individuals in Bavaria. There was a considerable amount of ransomware last year, senior public prosecutor Thomas Goger, deputy head of the Cybercrime Central Office in Bavaria (ZCB), told the German Press Agency. "The threat situation is at a high level."

Goger regretted that it had not yet been possible to get to the perpetrators. "It's already a success if we can understand how the perpetrators got online."

It is often asked whether the emergence of these Trojans has anything to do with Russia's war of aggression against Ukraine and whether the cases have therefore increased after February 24. "We can't make that connection," said Goger. "It is realistic to assume that the threat situation for cyber attacks has intensified since then. But ransomware was already a big problem before that. The perpetrators have become increasingly professional and now have considerable financial resources at their disposal."

In a ransomware attack, malware that encrypts data is installed without the victim's knowledge. Victims can then no longer access them. The perpetrators demand a ransom for the decryption.

The Central Cybercrime Unit was founded in 2015 as a Bavarian special unit in the fight against cybercrime. It currently has 21 posts for public prosecutors, for example to combat cyber attacks on companies, fraudulent online platforms and child pornography on the internet.