Resilience in the face of threat

On November 9, 2023, it became known that the hacker group Akira was behind the attack on the service provider Südwestfalen-IT. This service provider plays a central role for more than 70 municipalities in the region, whose services are now severely compromised. Despite the seriousness of this cyberattack, both the affected municipalities and Südwestfalen-IT itself categorically refuse to pay a ransom.

Decrypting the threat: Akira

According to information disclosed by dpa in a confidential report from the Ministry of the Interior to the state parliament, Akira is a hacker group active since March and increasingly aggressive in the field of ransomware internet extortion. According to IT security firm Logpoint and Malwarebytes, Akira copies and encrypts corporate data to enable double extortion. Their demands vary from 200,000 to several million US dollars, although they are apparently willing to lower the demands if the victims only want to prevent the publication of the stolen data.

The consequences of the attack

The attack led to the encryption of Südwestfalen-IT’s servers and a request to make contact on the darknet. So far, no specific ransom amount has been named. The effects of this attack are far-reaching: 74 local authorities are suffering from the shutdown of their systems, with the districts of Siegen-Wittgenstein and Olpe being hit particularly hard. Administrative functions are limited, and in some areas citizens’ offices, immigration offices and vehicle registration offices have had to close.

The reaction of the authorities

Interestingly, no data from Südwestfalen-IT has yet surfaced on the Darknet. The authorities and the company concerned remain steadfast in their decision not to negotiate or pay ransoms. This stance reflects an increasing tendency not to respond to cyber extortion with payments, as this could lead to an increase in such criminal activities.

Conclusion: A new chapter in the fight against cybercrime

This incident marks a significant chapter in the fight against cybercrime and ransomware attacks. The firm refusal to pay a ransom sends an important signal to cybercriminals and could help to reduce the effectiveness of this extortion method in the long term. While the short-term impact for the affected municipalities and Südwestfalen-IT will be severe, in the long term this stance could represent a turning point in the fight against the growing threat of ransomware.