The latest hacker attack by criminals on an IT service provider in southern Hesse has raised eyebrows. This is because its customers include energy suppliers, which in turn are part of the so-called critical infrastructure: This includes the supply of water, gas or electricity, but according to the companies concerned, these were not affected by the cyberattack as they are operated via other IT systems. Nevertheless, such attacks are on the rise and the damage is considerable. Here are questions and answers on the complex:

How big is the problem with hacker attacks?

Every year, the Federal Criminal Police Office publishes a situation report on cybercrime, a kind of overview of the development of this form of crime. It classifies attacks with ransomware (attempted extortion with ransom demands) as the biggest threat, with the damage caused by this alone estimated at 24.3 billion euros for 2021.

In Hesse, the number of all cybercrime cases recently rose by around ten percent from 2020 to 2021, with all possible types of computer fraud recorded. The Hessian CyberCompetenceCenter is seeing strong demand for help and advice in the event of a cyberattack, and Lukas Baumann, founder and CEO of Darmstadt-based start-up LocateRisk, says: "There are more attacks than ever before." His company investigates security risks at municipalities, DAX companies and banks.

What exactly is ransomware?

In principle, it is a computer program that can cause major damage. The attacker penetrates an IT system via vulnerabilities, the ransomware then encrypts hard disks and ultimately prevents access to data. At the same time, a ransom is demanded to decrypt the data and make IT systems accessible again. Until then, even large companies can be virtually paralyzed - in the most recent case alone, thousands of employees are currently unable to access their mailboxes. "The use of ransomware can significantly impair production processes and therefore threaten the existence of companies," warns the BKA.

Who is the target of these attacks?

IT security expert Baumann says: "It can affect anyone." The BKA also states that criminals are targeting everyone - authorities, companies and organizations. According to a survey conducted by the digital association Bitkom in 2021, nine out of ten companies had generally been the victim of a cyber attack in the twelve months prior. Ransomware accounted for almost a quarter of these. This time, criminals apparently targeted the IT service provider Count and Care in Darmstadt, which offers various services for companies as well as city and municipal administrations. "Attackers are clever and choose multipliers," reports Baumann. This increases the impact of an attack.

How are such attacks possible?

Baumann compares the IT infrastructure to a huge building with thousands of windows that must always be locked so that intruders have no chance. Nevertheless, there are weak points. "It's always a chain of unfortunate circumstances," he says. Theoretically, every employee in a company should be so protected by the IT framework alone that it is not enough, for example, to click on malware in an email attachment and activate it. However, the software is often not up to date - leaving a window open, so to speak. Even IT service providers are not flawless when it comes to security issues, says Baumann - for example, because the companies use a kind of blueprint for all their customers, which can no longer respond so specifically to the security requirements of individual customers.

How exactly did the hackers get into Count and Care's system?

The exact circumstances are not yet known and are part of the police investigation. The cyber attack was made public last Sunday - presumably the timing was no coincidence. Baumann from LocateRisk agrees. Intruders target companies when their IT systems are not under close observation and attacks are not noticed so quickly - on Friday evenings and at weekends, for example. During this period, companies need even longer to close security gaps than during the week. The intruders proceeded with perfidious speed.

What were the consequences of the latest hacker attack?

The energy supply was not at risk as, according to the companies, it runs via other IT systems. However, there were still some noticeable restrictions that affected more than just employees: customer centers of the municipal transport companies in Mainz and Darmstadt, for example, were unable to sell tickets, and in Frankfurt it was not possible to book an appointment online to collect bulky waste.

How long does it take to repair such damage?

That is still completely unclear and depends on various factors. How many areas are affected? Has it been possible to find the gateway and close it again? What data backups are in place? However, it seems clear based on previous cases: Until everything is running as before, that is more a question of weeks than days. The IT landscape has to be set up from scratch, says IT expert Baumann. In his experience, companies usually take the opportunity to bring their IT security infrastructure up to date in a very short space of time. A process that could otherwise take several years because the urgency would otherwise not be seen.

What can authorities and companies do to counter such attacks?

"IT security is not rocket science," says Baumann. It's about introducing certain standards and processes that have to be meticulously adhered to. "But you have to do it always and everywhere." This is a question of "hygiene" in IT security. Good plans are needed to prepare for a cyber attack and to keep the attack surface very small, for example.

Attempts to penetrate the system could happen at any time. The internet is scoured almost constantly, and lists of discovered vulnerabilities - the open windows in the IT building - and possible specific targets are even sold. Criminals could then launch a targeted attack. Overall, with regard to IT security in the face of advancing digitalization, company boss Baumann states: "There is still a lot to do." Another problem is that there is currently simply a lack of IT security specialists.