Last week's hacker attack on the Hessian IT service provider Count and Care is linked to an extortion attempt using ransomware. Criminals attempt to obtain ransom money by using a malicious program to encrypt computers or prevent or hinder access to IT systems. The attackers demand a ransom for decryption, as the Hessian Ministry of the Interior announced on Tuesday in response to an inquiry. It was unclear who exactly the perpetrators are. The amount of damage has also not yet been determined.

Energy suppliers also affected

Several companies in the Rhine-Main region and some municipalities in southern Hesse have been affected by the cyber attack, which began on Sunday. The victims include the Darmstadt energy supplier Entega, the Frankfurt waste disposal and service group (FES), the Darmstadt transport company Heag and the Mainz municipal utilities including local transport companies that work with the IT company.

Their homepages are no longer accessible and some services are restricted. However, the supply of gas, water and energy as well as telecommunications services are guaranteed, said a spokesperson for the utility company Entega, to which the IT service provider belongs, on Tuesday (June 14). These services run via a completely different system.

Experts are currently analyzing the hacker attack and are working at full speed to get the systems up and running again with the help of backups. The Entega spokesperson said that it is currently not possible to estimate how long this will take. According to the Hessian Ministry of the Interior, experts from the Hessian Cyber Competence Center Hessen3C have been on duty since Sunday and are helping to secure evidence and rebuild the IT systems.

Services restricted

Customer data has not been affected by the cyber attack. Among other things, the company's homepages and employees' email accounts were paralyzed. However, some services have also been restricted. In Frankfurt, for example, it is no longer possible to register bulky waste online with the FES, in the Mainz area and in Darmstadt, public transport passengers can expect individual cancellations and delays, and ticket sales in customer centers, for example, are restricted.

"In the coming days, there may be isolated delays and cancellations, but we are doing everything we can to keep the restrictions for our passengers as low as possible," said Ann-Kristina Natus, Managing Director of Heag mobilo in Darmstadt. The Entega spokesperson said that some local authority services in the Odenwald district were also currently restricted as their homepages could not be accessed.

Public prosecutor's office investigating

The police and public prosecutor's office are involved and have started investigations. The Central Office for Combating Internet Crime, a branch office of the Public Prosecutor General's Office in Frankfurt, is in charge. A spokesperson for the authority said on Tuesday that the investigation was still in its early stages. He was therefore unable to provide any further information on the case at present. He also did not want to comment on the amount of the ransom demand.

This is not the first time that cyber criminals have struck in Hesse. At the end of April, even the police themselves were affected and had to temporarily take their internet portal offline due to several overload attacks. At the beginning of June, unknown persons managed to penetrate the company network of the Kassel city cleaning service despite multiple security measures. According to the company, an appointment database for the collection of bulky waste or electronic waste, among other things, was destroyed.