Allianz is warning of an increasing number of online blackmail attacks on faltering global supply chains. According to the industrial insurer AGCS, which is part of Allianz, companies that deliver essential goods for the economy and society are among the most vulnerable targets.

IT service providers whose systems are networked with a large number of computers in customer companies are another target. In this way, cyber criminals can install blackmail software on a large number of computers at different companies within a short period of time, write the AGCS experts in their 'Cyber Report' published on Wednesday. Attacks on supply chains are the "next big trend", said AGCS manager Jens Krickhahn.

There have already been several ransomware attacks of this kind in recent months, but the AGCS experts expect or fear that the number of cases will continue to rise. Ransomware means that hackers encrypt the computers of attacked companies and demand large sums of money to unlock the systems. A common method is to send e-mails with encryption software in an attached file to authorities and companies. In May, hackers paralyzed the systems of the US gasoline supplier Colonial Pipeline, resulting in a temporary restriction of the gasoline supply on the US East Coast.

Simply rent the ransomware attack

Both the damage and the sums demanded are getting higher and higher. Five years ago, "5000, 6000, 7000 euros" were still being demanded in online blackmail cases, reported Krickhahn. In 2020, there were already demands of 30 million dollars. "Nowadays, we are already seeing demands of 50 million dollars."

According to AGCS, the criminal boom is being fueled by the fact that hacker groups are now acting as service providers. "You can actually go and hire ransomware attacks as an average IT-savvy person," said Krickhahn. "In some cases, you get a hotline function with it."

Not only are the sums extorted becoming higher, but the effort required to restore blocked systems is also becoming more expensive and time-consuming, according to the cyber report. The AGCS refers to analyses according to which the average total costs for the recovery and downtime of a blocked system more than doubled last year compared to 2020, from just over USD 761,000 to USD 1.85 million.

According to the AGCS experts, many cyber attacks could be averted or the damage limited. "80% of the damage is caused by simple errors," said AGCS manager Michael Daum - citing servers with outdated operating systems and corresponding security vulnerabilities as an example. Companies should not only focus on prevention, but also need "digital alarm systems" to be able to recognize and stop a hacker attack in good time once it has started.