Tom Burt feared the worst. When Microsoft’s security chief analyzed the attacks on 400,000 Exchange e-mail servers belonging to his company’s customers in February, he saw data spies at work in the first wave of attacks. In a second wave, however, blackmailers left their mark. They had smuggled special programs onto their victims’ computers, hijacked all the data and encrypted it, thereby taking the IT systems hostage, and demanded ransom money for their release.

Patrick Welter, correspondent for business and politics in Japan, based in Tokyo.

“This second wave of attacks is aimed at profit, and the attackers are cyber criminals, not state actors,” Burt told the FAZ at the time. The number of victims was still small and the damage was manageable. But the Microsoft security chief sounded the alarm. As a result, authorities such as the German BSI and the American CISA set all the lights to red. Eight weeks later, a tsunami of ransomware rolled through the world.

This year, according to initial estimates, more digital ransoms will be paid than ever before: $20 billion. The FBI speaks of “perfect crimes” in connection with so-called ransomware, because nobody is safe anymore; it can happen to anyone. The perpetrators have so far covered all their tracks. Authorities are groping in the dark. And this even though what is at stake for the victims is no longer just data and dollars, but life and death.

The wave spills over to Europe

Organizations that operate vital infrastructure are also on the cyber criminals’ target lists: hospitals and utility companies, logistics firms, pharmaceutical companies and vaccine manufacturers. The hackers work under the cover of the Darknet and demand ransom in digital currencies such as Bitcoin. That keeps them invisible.


After hackers hijacked the IT system of one of the largest oil pipelines in America last week, paralyzed the 8,800-kilometer line between Houston and New York, temporarily impaired the supply of 50 million people and extorted a ransom, the wave of ransomware is now spreading to Europe. The technical systems of some of the European businesses of the Japanese industrial group Toshiba and those of the Irish state health service, the Health Service Executive (HSE), were hit on Friday.

The HSE had to shut down its IT system completely in order to protect itself against the attack. Hospitals were also affected by this IT shutdown. According to General Director Paul Reid, the HSE had identified a “significant” and “demanding” malware attack the previous night.

All national and local systems are affected, it said. HSE boss Reid gave assurances that switching off the data systems would not affect hospital equipment or the care of patients in the hospitals, as these are controlled by other IT systems. The corona vaccination program continues as planned. However, the Rotunda Hospital in Dublin had to cancel most of its patient appointments on Friday due to IT problems. Only heavily pregnant women and emergencies were allowed to come.

In the crosshairs for three years

Other hospitals in Ireland also reported disruptions to their operations as a result of the IT interventions. So far it is not clear who is behind the hacker attack. HSE has also not yet received a request to pay a ransom, the health service management said. The Irish National Police’s cybersecurity team has been involved in the case.

For the past three years, cyber criminals have been targeting medical institutions and organizations in particular. According to Interpol, the attackers do not shy away from endangering the lives of patients and the smooth running of work in the facilities in order to extort ransom money. Vladimir Kuskov of the Russian IT security company Kaspersky said the blackmailers have only one goal: money. Therefore, the IT systems of large companies are now being attacked more and more.

According to the IT security company BlackFog, companies such as the US subsidiary of the French Dassault Group, the British real estate agent Foxtons, the oil company Shell and Kia Motors America have been exposed to severe attacks since the beginning of the year. Toshiba has now also been the victim of an extortion attack by hackers in Europe. The Japanese electronics company announced on Friday that European units of the subsidiary Toshiba Tec had been hit by a ransomware attack. The computer systems themselves are not affected, Masaharu Kamo, vice president of the group, told journalists.

The companies in the group use different IT networks. Toshiba Tec sells office copiers and cash registers for retailers. It appears as if the attack came from a hacker group called DarkSide, the company said on request.

75 Bitcoin ransom

According to the FBI, DarkSide was also behind the attack on the American oil pipeline. According to the Bloomberg news agency, the group is said to have received 75 Bitcoin ($3.75 million) from the operator of the oil pipeline, Colonial Pipeline Co. Colonial is now setting about reopening the most important gasoline pipeline on the east coast. Because people were buying gasoline in advance, there have been reports of fuel shortages at gas stations in Washington.

So far, neither the company nor security groups have wanted to confirm the report of the payment. The White House security advisor, Anne Neuberger, had already indicated the possibility of a payment and showed understanding for the group’s delicate situation. According to a rumor, the hackers were able to break into the system after a Colonial employee clicked a link in a phishing email that was supposed to lead to pictures of scantily clad women.