“We have been really busy since Friday evening,” says Carsten Gries, managing director of the shelving and furnishing specialist Berger. At that time, hackers gain access to the company’s computers from Korntal near Ludwigsburg. Then all computers fail, large and small, PCs, notebooks and also the servers. Now new hardware is needed. There are copies of the old data.
“Thank God,” says Gries. When the Berger managing director from Korntal near Ludwigsburg talks about the latest data attack, he doesn’t mince his words. “To cope with such a hacker attack is quite an effort,” he said, one has to pull back from the abyss with all one’s might. “We are doing very well so far: We have a great team, great external partners, and I am sure that we can manage it again.” When the head of the IT department reported shortly before the weekend that there was no access give more to the systems, the world still looked pitch-black.
Targeting medium-sized businesses
Berger is one of the companies that are customers of IT service provider Kaseya in Florida. Weeks ago, hackers identified vulnerabilities in the Americans’ mainframes. Then they got into it via a manipulated software update and worked their way into the computers of hundreds, if not thousands, of customers. Kasyea stated that fewer than 60 direct customers and fewer than 1500 of their customers are affected. The hackers encrypted and blocked important data on the company’s network and finally demanded a ransom of $ 70 million.
Payment was out of the question at Berger. 70 employees, 30 million euros annual turnover, corporate customer business, specializing in warehouse and factory equipment. “We are German medium-sized companies,” says Gries. And suddenly he found himself and his company facing one of the darkest sides of globalization: international cybercrime. A huge risk that, according to the IT industry association Bitkom, costs the German economy 100 billion euros a year. The perpetrators often go undetected. The most recent hacking attack is believed to have come from a hacking group called REvil.
It should operate from Eastern Europe and at least be tolerated by the Russian government. The attack on Kaseya’s computers is not only considered dangerous, according to numerous analysts it is also sophisticated and professionally executed. The attack is not the work of forest and meadow hackers. It did go around the world, hit many companies and must be seen in a row with several severe attacks over the past few months.
The number of hacks with ransomware continues to rise, but according to the Federal Office for Information Security (BSI), the damage caused by the Kaseya incident is still limited in this country. A spokesman for the BSI said that it has been shown that simple backups can be a very effective help in attacks that use encryption technology to block data and extort ransom money. It is therefore important to back up the data and to keep these copies separate from the work system. In addition, there is a need for emergency and deployment plans in which the employees of an affected company know exactly what to do if the worst comes to the worst. These plans are best printed out or written down with pen and paper. Because the best plan is of no use if it’s in the wrong hands. Carsten Gries from the furniture specialist Berger can only confirm that.