On Tuesday, the information on Covid-19 still dominated the Internet portal of the district of Anhalt-Bitterfeld, but right next to it, the district administrator informed about another virus that completely paralyzed the computer systems of his administration at all locations.

"This incident poses no direct danger to life and limb for the population," it says there.

But the ability to work of the administration and its 900 employees is "extremely limited by the attack to a considerable extent until further notice".

Inquiries can only be answered by phone or fax, communication by email is not possible.

The district administration has not received any e-mails since July 5th.

Invoices would have to be "sent by post in the form of letters".

Stefan Locke

Correspondent for Saxony and Thuringia based in Dresden.

  • Follow I follow

The cause was quickly clear: It was a cyber attack in which criminals use computer viruses to block the information and data processing systems of institutions or companies - mostly in order to release them again for a ransom. In fact, the previously unknown attackers reported to the district office and demanded a ransom, said the State Criminal Police Office (LKA) Saxony-Anhalt on Tuesday. The authority did not provide any information about the amount, but claims in six or seven figures are not uncommon, said a spokesman. According to the investigators, the attackers encrypted the data with so-called ransomware, which could be revoked after the payment. However, according to the LKA, there is no guarantee that everything will run as it was before.

A spokesman said that the district disconnected all critical systems from the network immediately after the attack, so that no further data would flow out, and at the same time declared a disaster.

Since the weekend, IT specialists from federal and state authorities have been analyzing which virus it is and how it can be combated effectively.

In addition, work is being carried out on the reconstruction of the IT infrastructure in order to be able to act again as quickly as possible for the around 160,000 inhabitants of the district between Halle and Magdeburg.

"It will certainly be important that welfare recipients get their money, that the maintenance advance can be paid," said the spokesman.

In addition, one is in contact with other district administrations who could take on temporary service offers.

There are attacks almost every day

According to the German Cyber ​​Security Organization (DCSO), a network founded by Allianz, Bayer, BASF and VW to ward off cyberattacks, attacks with ransomware occur almost every day. Organized cyber crime is behind this, said Dror-John Roecher from the DCSO of the FAZ. "These attacks are not carried out by individual perpetrators." Some are specialized in the infiltration of networks, others in the sale of access to the damaged companies. "We generally advise against paying ransom, unless this is done in close consultation with the law enforcement authorities," said Roecher. Even if there is no one hundred percent protection,Proven back-up and recovery procedures as well as the continuous updating of software and systems could minimize the likelihood of cyberattacks.

Hacker attacks on local governments are a recurring problem, said the chief executive of the German Association of Towns and Municipalities Gerd Landsberg the MDR. Hackers tried to attack municipal facilities, including public utilities, all over Germany. It is crucial that the IT systems and security precautions in the administrations are constantly kept up to date. The left in the Saxony-Anhalt state parliament called for the attack to be dealt with in parliament.