BKA: Ransomware affects communities

The threat and damage potential of encryption Trojans increased noticeably again in 2021. This is the conclusion of the Federal Criminal Police Office (BKA) in its “Federal Situation Report Cybercrime 2021” published on Monday. As a result, such attacks also impair the functioning of the community. Entire supply chains are at risk.


Threat to society

Ransomware remains the most damaging modus operandi in cybercrime. The threat potential posed by ransomware has even increased significantly in 2021 compared to the previous year. According to the BKA, the average sums extorted increased by 21 percent compared to 2020, to US$ 204,695. The resulting annual damage has more than quadrupled since 2019 – from an estimated 5.3 billion euros in 2019 to an estimated 24.3 billion euros in 2021.

But the monetary damage is not enough. According to the BKA’s “Federal Situation Report Cybercrime 2021”, the year 2021 was marked by blatant attacks on critical infrastructure, public administration and international supply chains. In the meantime, “the functionality of the community” is also being impaired by ransomware. An example of this is the ransomware attack on the district administration of Anhalt-Bitterfeld on July 5th, 2021. The cyber disaster in Germany was first identified here. The provision of public services was permanently restricted, even months after the attack, no normal regular operation was possible.

According to the Federal Criminal Police Office, the so-called “double extortion” has now established itself as the standard modus operandi. The blackmail is carried out by encrypting the systems while at the same time threatening to publish sensitive data. In around 81 percent of the blatant cases, the cyber criminals resorted to this method to affects communities.


More cyber crimes with a falling clear-up rate

The police crime statistics (PKS) recorded a 4.9 percent decrease in criminal offenses for 2021 compared to the previous year. The situation is different when it comes to the number of cyber crimes recorded – a new high was reached in the 2021 reporting year. To be more precise, the PKS recorded around 146,363 offenses in the cybercrime area (including identity theft and malware attacks) for last year, which corresponds to an increase of 12.2 percent compared to 2022.

The clear-up rate has also developed positively on average – it has risen by 0.3 percent and is now 58.7 percent. With regard to cyber crimes in 2021, these fell by 2.7 percent compared to the previous year. According to the BKA report, the clear-up rate for cyber crimes was 29.3 percent last year. The Federal Criminal Police Office attributes this development, among other things, to the “increasing digitization of society, increased anonymization on the Internet and the complex investigation and attribution of perpetrators who are often abroad”. At the same time, the BKA also points out that the informative value of the PCS with regard to all cyber crimes committed in Germany can only be ascribed limited significance, since the number of unreported cases in this area is enormous due to the phenomenon. According to studies, it is estimated at up to 91.5 percent.


Active Underground Economy

As a basis for many crimes in the cyber area, the offer of the so-called underground economy is used. This includes platforms and services on which (cyber) criminals offer or use data, tools, jobs and relevant criminal know-how. Here, for example, banking trojans can be purchased for 1,000 to 10,000 dollars or remote administration tools (RAT) for around 3,000 dollars. In the past year, so-called Initial Access Brokers (IAB) and fake vaccination certificates have gained in relevance. The underground economy is promoted by the above-average number of unreported cases in the area of cybercrime. Criminal offenses are often not reported in the first place, which means that the law enforcement authorities are unable to take any action at all. Connections between individual criminal offenses could also not be recognized and tracked without respective notifications.

According to the Federal Criminal Police Office, the 2021 reporting year once again made clear the increasing adaptability of cybercrime actors. They acted more professionally and with a high degree of division of labor according to the “Crime-as-a-Service” model. According to the Federal Criminal Police Office, classic phishing was once again one of the main entry vectors for malware. That was also the reason for the massive tapping of sensitive personal data. In order to penetrate systems, the cyber criminals also used knowledge of existing zero-day exploits and unpatched vulnerabilities.


Fighting cybercrime as a “task for society as a whole”

According to the Federal Criminal Police Office, despite all the circumstances, “regularly significant strikes against crime in cyberspace were successful last year”. The shutdowns of the VPN service provider vpnlab.net, the Emotet infrastructure and the Hydra Market on the dark web are cited as examples. Nationally, the Federal Criminal Police Office highlights in its report the “cyber bunker trial” with a first conviction under Section 129 of the Criminal Code in this area, as well as the first investigations into criminal groups organized via Telegram.

The BKA sees the Russian war of aggression against Ukraine as a potential further catalyst in the field of cybercrime after the corona pandemic. This is “the first military conflict that is also being conducted to a significant extent in cyberspace”. The activities of the respective actors often do not stop at national borders “and can quickly have an impact on companies, critical infrastructure and state institutions in countries not directly involved in the war”. The BKA therefore wants the fight against cybercrime to be understood as a task for society as a whole. The Federal Criminal Police Office sees close and trustworthy cooperation between state authorities and private companies as a “basic requirement for the implementation of effective measures to contain cybercrime”. Learn more.


Source: BKA – Bundeslagebild Cybercrime 2021